A ransomware variant reportedly called "Petya" hit computer systems across the globe June 27, compromising government systems in Ukraine and operations at a Pennsylvania health system, among other targets.
Here are five things to know about the ransomware attack.
1. Petya, which charges its targets $300 to unencrypt their files, appears to leverage the same Windows vulnerability used in the WannaCry ransomware attack that spread worldwide in May, according to The Hill. The ransomware variants both exploit a vulnerability developed by the U.S. National Security Agency, which was released online by the hacker group Shadow Brokers in April.
2. The ransomware began by targeting government and business computer systems in Ukraine, according to The New York Times. Petya reportedly hit Ukraine's infrastructure ministry, postal service and national railway company. The ransomware went on to attack computer systems across the globe, including Danish shipping conglomerate Maersk and a Cadbury chocolate factory in Australia.
3. The U.S. was reportedly hit by Petya later than other countries because the ransomware attack began before the U.S. workday started on Tuesday, according to The Hill. Nuance Communications, a voice and language solutions provider, confirmed on June 28 portions of its network were likewise affected by the global malware incident.
Merck was the first major U.S. company to acknowledge Petya had compromised its systems. "We confirm our company's computer network was compromised today as part of [a] global hack. Other organizations have also been affected," company officials wrote on Twitter June 27. "We are investigating the matter and will provide additional information as we learn more."
4. Beaver, Pa.-based Heritage Valley Health System was also a U.S. target of the attack. The cyberattack caused health system officials to cancel operations at its facilities in Beaver; Sewickley, Pa.; and at its various satellite locations, according to The New York Times. Surgeons continued the cancelation of some operations for a second day June 28, The Wall Street Journal reports.
Heritage Valley Health System officials confirmed the ransomware attack on its systems "[had] been identified as the same ransomware attack that affected a number of organizations globally," TribLive.com reports.
5. Security experts say it is unclear who deployed the ransomware, however, 30 targets had paid the ransom as of June 27 afternoon, The New York Times reports. A Department of Homeland Security spokesperson told The New York Times in a statement: "The Department of Homeland Security is monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners."