A month after the WannaCry ransomware attack paralyzed connected systems worldwide, a new threat appears to be spreading quickly.
As reports emerge, today’s attack paints a picture of businesses and governments around the world held hostage by a second major wave of ransomware, a kind of software that hijacks computerized systems and demands payment, often in bitcoin, to unlock them.
Initially it appeared that the ransomware might center on Ukraine, though reports since then have confirmed that it also is affecting systems in Spain, France, Russia and India. Anecdotally, many more countries may be affected as governments and businesses around the world find themselves locked out of their own machines.
Unpatched PC's were hit again by #Petya #ransomeware.
POS, Banks, ATMs, Airport, GOV, Media companies, Metro, Cargo, Post…#Eternalblue pic.twitter.com/4n0VosQDuz— Lukas Stefanko (@LukasStefanko) June 27, 2017
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue 👌 pic.twitter.com/RsDnwZD5Oj
Techcrunch eventJoin 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
San Francisco | October 27-29, 2025— Ukraine / Україна (@Ukraine) June 27, 2017
According to a researcher at Kaspersky Lab, the ransomware appears to employ a forged Microsoft digital signature that exploits a Microsoft Office vulnerability that security firm FireEye discovered in April. So far, the ransomware appears to have targeted a number of global banks, including Russia’s Rosneft and Ukraine’s state-owned Oschadbank.
Update: Some reports suggest that confusion about a simultaneous incident in Ukraine means that the global attack may not actually be using Microsoft’s CVE-2017-0199 vulnerability.
https://twitter.com/craiu/status/879690795946827776
Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread
— Threat Intelligence (@threatintel) June 27, 2017
Early reports suggest that like WannaCry, Petya is using the leaked NSA exploit known as EternalBlue to spread. The ransomware known as Petya (also called Petrwrap) is well known to security researchers and may have been commercially available on dark web software exchanges for some time.
Petya was known to be RaaS (Ransomware-as-a-Service), selling on Tor hidden services. Looks like WannaCry copycat. Attribution will be hard. pic.twitter.com/W5voMeNx9I
— x0rz (@x0rz) June 27, 2017
Everything about this situation indicates that plenty of governments and companies around the world didn’t take WannaCry seriously, failed to patch their systems and are now paying the price.
