The computer virus that has massively affected dozens of companies and institutions around the world since June 27, first in Russia and Ukraine, then spreading to Asia and Australia on Wednesday, is a new variant of ransomware called Nyetya, Cisco said.
Cisco's Talos cyber security division reported that its research shows that this strain of computer virus "uses the same Eternal Blue exploit - a vulnerability used by the US National Security Agency (NSA) - and other weaknesses of Microsoft's operating system to spread."
Talos cybersecurity executive Craig Williams told EFE that Nyetya is also very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and demanding a ransom to recover it.
However, in the case of the virus emerging on Tuesday, which is quite "different" from the Petya virus, its infection "will spread very quickly if the 'bad guys' behind it decide to do so," Williams said.
On Wednesday several companies in the Asia Pacific region, like the Mondelez owned Cadbury chocolate factory in Hobart, Tasmania, and the global law firm DLA Piper were affected.
The Hong Kong website of DLA Piper published an important note to clients saying "We are currently dealing with a serious global cyber incident," adding that "We have taken down our systems as a precautionary measure which will mean you are currently unable to contact us by email or landline."
According to Cisco, Nyetya is "WannaCry's bad cousin" and "initial vector identification has shown that the virus is more defiant."
Williams ruled out "an e-mail vector" as the initial means of propagation. Some of the affected companies and institutions have said that the virus disabled their e-mail and therefore prevented them from contacting the cybercriminals to recover their information once their computers had been disconnected.
The Cisco executive explained that the threat does not have "a known, viable external spreading mechanism - such as the Internet," so "it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc."
Ukraine has been the country initially most damaged by this cyber attack, and its authorities have been quick to blame Moscow for everything, despite the fact that there are several Russian state-owned companies and banks among the victims as well.
Among those affected in Ukraine are the computer networks of the government, the Kiev City Council, dozens of state and private banking entities, public transport systems, media, and telecommunications companies.
The computer crime department of the National Police of Ukraine has received more than 200 complaints from public institutions, companies and private users.
In Russia, the victims of the attack include the oil giant Rosneft, one of the first to report that its servers had been hacked.
Williams, currently attending Cisco Live!, the annual technology conference in Las Vegas, USA, did not rule out the possibility that the virus would spread to other parts of the world, and noted that several countries, especially European ones, have already found traces of the cyber attack in their systems.
Williams said that since Tuesday morning the Cisco cybersecurity unit has also been analyzing another cyber threat, but declined to reveal details, saying that it is still under investigation.