Latest Ransomware Attack Spans Globe from Ukraine to Europe, U.S.

The second major global cyberattack in two months swept across the globe on Tuesday in what the Journal described as a “confidence-shaking” episode. Dubbed Petya, it bore similarities to the WannaCry ransomware attack in May, yet in some ways was more insidious, exposing fresh weaknesses in systems from the Ukraine to Russia, Europe and the U.S. Researchers were still investigating the source of the attack on late Tuesday, as victims confronted messages that said digital files were locked and being held for ransom. One theory suggested that the attack was meant to target an entire class of companies in an economic assault on Ukraine.

“But companies investigating the outbreak say that a software update from Kiev-based [tax software maker] Intellekt Servis was a principal—and inadvertent—source. The company described itself as a victim of Tuesday’s attack, saying the virus had disrupted its own operations. It said that when it released its latest software on June 22 it didn’t contain any virus,” the Journal reports. “Some experts disagreed with that assessment. The software was pushed out to customers five days ago and then quietly spread within corporate networks before being triggered on Tuesday, said Craig Williams, security outreach manager with Cisco Systems Inc. … Kaspersky Lab ZAO … also cited Intellekt Servis as a main source of the outbreak but saw no evidence of triggering mechanism.”

The motivation behind the attack may have been political and economic, and tied to the turmoil in Ukraine, according to one theory. “I think not only is it out there trying to make a profit, but it’s also making a very clear political statement: it’s intentionally trying to damage businesses that interact with the Ukrainian tax system, “ Mr. Williams said.

More From The Wall Street Journal (subscription required):