A massive cyberattack that freezes computers and demands a ransom to open them has hit companies in the U.S. and elsewhere around the world today, U.S. officials and private cybersecurity analysts said.
Among the American targets are the giant Merck pharmaceutical company in New Jersey; the Mondelez food company, which produces Oreo cookies; and a major multinational law firm, DLA Piper.
The ransomware attack used a global spam campaign to trick computer users into downloading malicious software that locks them out of their devices until they pay $300 in Bitcoin. According to the cybersecurity firm Kaspersky Lab, the attack has affected about 2,000 users in at least 11 different countries so far, with organizations in Russia and the Ukraine the most affected.
While several researchers identified the virus as a derivative of the “Petya” ransomware, Kaspersky Lab, which congressional sources told ABC News is itself under FBI scrutiny, disputed that assessment, concluding that the virus was “a new ransomware that has not been seen before” and dubbing it “NotPetya.”
Unlike the WannaCry virus attack in May, which seized control of hundreds of thousands of computers and spread disruption around the world, today’s ransomware has no known kill switch of the kind that was used to limit the WannaCry attack, researchers told ABC News.
The virus does, however, appear to be using the leaked hacking tools EternalBlue or DoublePulsar, developed by the U.S. National Security Agency, to exploit a vulnerability in Microsoft Windows and spread quickly throughout corporate networks with outdated security software.
“Many researchers are seeing evidence that the NSA exploits are being used to propagate this,” John Bambenek of Fidelis Cybersecurity told ABC News. “But in this case it’s a whack-a-mole defense. There’s nothing that would shut it down.”
Early reports indicated the virus affected major companies in Russia and Ukraine as well as the world’s…