UPDATED: Global ransomware attack hits Merck, health system after thrashing Europe

The virulent Petya strain spread by infected email attachments that can reboot and shutdown computers, is wreaking havoc across the globe -- with Ukraine hit the hardest.
By Jessica Davis
12:17 PM

A massive, data-scrambling ransomware attack is sweeping across Europe and causing mass disruption, the AP reports.

Global pharma giant Merck confirmed via Twitter that its computer network was compromised as part of the massive ransomware campaign. Company officials said the incident is under investigation.

Pennsylvania-based Heritage Valley Health System's network was also hit with the attack, officials told CBS Pittsburgh. The incident is spread throughout the $480 network, including satellite and community locations. The health system is running on downtime procedures to ensure there's no disruption to care.

Ukraine is being hit the hardest, with both company and government officials reporting serious intrusions at the Ukraine power grid, banks and government offices. The darkened computer screens read: “The whole network is down.”

Russia-based Rosneft Oil Company, Denmark-based shipping giant A.P Moller Maersk also fell victim to the hacking. Container shop terminals in Rotterdam run by Maersk were affected, which officials said could have led to serious consequences. However, the company was able to switch to a reserve control system.

“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman Maersk told AP. “It has affected all branches of our business, at home and abroad.”

The number of victims is rapidly increasing, and it’s quickly turning into a crisis -- much like May’s WannaCry attack that shut down networks across 150 countries. Security experts at Bleeping Computer say the virus is already running rampant in the U.K., India, the Netherlands and Spain, among others.

The security researchers said it’s currently not as big as WannaCry, but the volume is considerable.

At the moment, there is little information to who might be responsible for the attack, but security experts are certain it’s ransomware. The strain is most likely Petya, which encrypts Master File Tree (MTF) tables and overwrite the Master Boot Record.

The virus is known to be much more intrusive than other ransomware strains, as it reboots systems and prevents computers from working. It’s spread by email through infected Microsoft Office documents. These documents execute the SMB worm and spreads to other computers (much like WannaCry).

As for why the strain has suddenly become more virulent, Bleeping Computer said it’s likely the Petya author was inspired by the WannaCry attacks. So far the attackers have already pocketed $2,000 -- the amount it took WannaCry actors to make in a day.

Most of Europe is still attempting to recover from WannaCry. The U.K. National Health Service was one of the hardest organizations hit, with over 20 percent of its trusts shut down by the virus. Security experts recently told Congress that WannaCry is still attempting to hack into unpatched systems and that these types of attacks were inevitable.

We will update the story as more information becomes available.

Healthcare IT year in review

This was one of our most popular stories of the year.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.