Security major Cisco labels new virus variant 'Nyetya', says its initial identification shows it is more defiant
A laptop displays a message after being infected by a ransomware as part of the cyberattack. PIC/AFP
The computer virus that is affecting companies and institutions around the world is a new variant of ransomware called Nyetya – WannaCry's bad cousin – according to networking and security major Cisco. The new cyber attack was spreading to Asia and Australia on Wednesday.
Cisco's Talos cyber security division reported that its research shows that this strain of computer virus "uses the same Eternal Blue exploit – a vulnerability used by the US National Security Agency (NSA) – and other weaknesses of Microsoft's operating system to spread," Efe news reported.
Nyetya is also very similar to WannaCry, the ransomware that affected 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them, said Talos cybersecurity executive Craig Williams. However, in the case of the virus emerging on Tuesday, which is quite "different" from the Petya virus, its infection "will spread very quickly if the 'bad guys' behind it decide to do so," Williams said. According to Cisco, Nyetya is "WannaCry's bad cousin" and "initial vector identification has shown that the virus is more defiant." The threat does not have "a known, viable external spreading mechanism," so, "it is possible that some infections may be associated with software update systems for Ukrainian tax accounting package called MeDoc," according to Williams.
Attack halted in Ukraine
The massive global cyberattack, which began in Ukraine against its institutions and corporate networks has been halted, authorities said. According to a government statement, all enterprises, including state-owned ones, were now operating normally. The situation was "under the full control" of cybersecurity specialists who were working to recover lost data, the government said.
US prepared to help
The US government is preparing to help any institution affected by the new cyber attack, officials said. Department of Homeland Security spokesman Scott McConnell refused to explain if US firms or infrastructure have been affected, but said that the government is in communication with its international partners and is ready to provide help.