Skip to main content

What to know about this global cyber attack

Researchers think it could be a malware that's been sold on the dark web's black market.

There's another global cyber attack happening, and so far it's hit airports, power companies, banks, a hospital, a Russian oil giant and others.

This is once again a ransomware – so when the malware gets into a computer it encrypts the files, takes over, and tells the user they need to pay up to get their files back. So it's like the WannaCry ransomware that hit more than 200,000 computers last month.

But this one also overwrites a key portion of your main hard drive, Symantec explains – meaning it's more complicated.

This newly unleashed malware then forces the computer to restart, ByteDefener says, and when it boots back up you get this:

It's a demand to send $300 in Bitcoin (that's about .12 Bitcoins) to a digital wallet. And then the hackers will let you unlock all your files ... allegedly. Though people have doubts.

You can actually track Bitcoin wallets to see activity. Blockchain says that particular address has received more than 2.786 Bitcoins – which is over $6,500.

Where it's hit so far

Most of the infections recorded so far have been in the Ukraine and Russian Federation, with Poland, Germany and Italy behind it, according to Kaspersky analyst Costin Raiu. It's showed up on ATMs, at grocery stores, and a hospital system in Pittsburgh.

Maybe the biggest U.S. company hit is Merck: a pharma business based in New Jersey.

But there are rumblings about more infections, like this leading law firm based in Washington, D.C.

Kaspersky Lab said at 12:12 p.m. that it had detected more than 2,000 users attacked with this ransomware so far Tuesday, and called it a "complex attack."

Update: It's worth noting, as Malware Tech points out, this attack only spreads to computers on the same local network – it doesn't appear to get sent over the internet to random users.

"I.e. you are extremely unlikely to be infected if you’re not on the same network as someone who was already infected," the site writes.

Nobody's quite sure what it is yet

A lot of researchers and cybersecurity groups, such as Symantec, think it's some variant of Petya, aka PetrWrap – a malware that first popped up in 2016 and has been sold on the dark web's black market. ByteDefender also refers to it as Goldeneye.

But there are still questions about what it is, and Kaspersky is one of the firms tweeting #NotPetya to try to make that point.

Researchers (such as Talos Intelligence), though, seem pretty sure that it manages to infect computers using an exploit called EternalBlue (the same security hole that WannaCry used). EternalBlue is said to have been developed by the NSA, then leaked publicly by a group of hackers.

Then there's the question of how it got to a user's computer in the first place. Email might have been involved, well-known researcher MalwareTechBlog tweeted. But there were likely other ways in, possibly including a financial software known as MeDOC.

So ... what should I do?

If you're using a Windows computer, make sure you've downloaded all the security updates. Microsoft patched that EternalBlue issue months ago.

But there's some worry about how far this might spread.

WannaCry was only slowed down when a researcher – the above-mentioned MalwareTechBlog – accidentally found the kill switch.

But as WIRED notes, this Petya/PetrWrap/Goldeneye ransomware doesn't appear to have any type of kill switch built in.

"After a host is infected, there is no communication from the malware back to the attacker," PaloAlto Networks writes.

Next Up


80 mph winds, large hail possible with severe storms in MN

A severe thunderstorm watch is in effect for much of the state until 3 a.m. Saturday.


30 people evacuated as flooding hammers small town

It's assumed that at least eight inches of rain fell in Randall, with more heavy rain expected Friday night into Saturday morning.

Intersection in Rochester.

Boy dies in motorcycle crash in Rochester

Police are investigating as of Friday afternoon.

Tab2FileL (13)

Numerous severe storms likely in Minnesota Friday night

Watch the video for the full details with meteorologist Sven Sundgaard.

court room

Teen pleads guilty in shooting death of 15-year-old girl in Columbia Heights

Damico Jamal-Tokyo High will receive a sentence in juvenile court, along with an adult prison sentence.

Screen Shot 2022-04-25 at 11.00.01 AM

Walz wants to use surplus money to send direct payments to Minnesotans

It's a renewed effort from a previous proposal from Walz and Lt. Gov. Peggy Flanagan's supplemental budget in January.

Ron Johnson

Jan. 6 committee says aide for WI senator tried to give fake elector info to Pence

The attempt was discovered through text messages in the ongoing public hearing held by the Jan. 6 select committee.

Stock U of M sign

Minnesota state colleges boosting tuition again by 3.5%

The Minnesota State system's Board of Trustee's approved the increase Wednesday.


Minnesota's COVID-19 update for Friday, June 24

The next daily update will be provided Monday, June 27.

Pro choice rally

Walz, Jensen react to historic Supreme Court reversal of Roe v. Wade

After voting to overturn Roe, conservative Justice Clarence Thomas has hinted contraception and same-sex marriage protections should follow.

16362 County Rd 81, Maple Grove, Minnesota - October 2021 (4)

2-year-old killed in crash on County Road 81 in Maple Grove

The crash occurred Thursday evening on County Road 81.

police tape

BCA issues new details about St. Michael standoff, shooting

New details say a St. Cloud police officer struck the suspect with gunfire.


'Accidental hero' slowed the global ransomware attack – but it might not be over

The malware locks up your computer and threatens to wipe your files, unless you pay $300 in bitcoin.

A cyber attack is holding computers around the world for ransom

One malware site says this WannaCry attack has been detected in 99 countries.

How safe from a ransomware attack are Minnesota's government computers?

WannaCry ransomware has been detected across more than 200,000 computers in 100-plus countries. So how protected is Minnesota?

Video: What you need to know about ransomware and protecting your stuff

WannaCry isn't the only one out there, so it's best to be prepared.

Russian hacker admits to helping infect thousands of servers – including in MN

Get ready to learn about Ebury malware, and how it was used to get millions of dollars.

Minnesota internet provider says it will never sell your browsing history

"We have never sold member web browsing history and have no plans to do so in the future," said the ISP's CEO.

Do you know when Uber is tracking your location?

We know apps collect data about us. But how much, and how is it being used?

How big a deal is this hack of Minnesota government and MSU Moorhead servers?

Email addresses, encrypted passwords, user IDS – what someone could do with the information.