Manu Sharma, cyber security expert at Grant Thornton UK LLP, commented:
“Today’s global cyber attack (27 June 2017) has seen a number of businesses, public institutions and some major infrastructure facilities, such as airports and metro systems, badly affected, causing disruption across the world – for the second time in as many months.
“This malware is believed to be a strain of 'Petya' or 'Petyawrap' ransomware which was reported over a year ago but it is now being known as 'Notpetya' by Kaspersky Labs and has been seen to spread through phishing emails to its victims. The ransomware is similar to the ‘WannaCry’ virus which last month struck the NHS, amongst other international institutions, but does not appear to have the same features, including the internal kill switch designed to stop the ransomware if needed.
“Our advice for those affected by 'Notpetya' is to not pay the ransom. The ransomware attempts to connect back to a server hosted by the hosting company 'posteo'. The hosting provider noticed the unusual activity on the account and the account was shut down immediately.
“Organisations need to also ensure their antivirus and endpoint security solutions are configured to automatically update so that when the antivirus providers release definition updates for 'NotPetya' it is quarantined safely. Organisations that have not been attacked should also make sure that Microsoft Windows Security updates are fully updated and applied to their environment to help prevent further copycat ransomware attacks that could be seen in the near future.
“Organisations that have been affected, or are unsure if they have been infected, should seek immediate assistance from cyber security experts.”