New cyber attack 'ten times' worse than WannaCry

A cyber attack currently wreaking havoc with businesses including the world’s largest advertising agency and container shipping company could prove ten times as costly as the WannaCry attack last month, experts have said. 

The latest attack, known as Petya, struck first in Ukraine and has since spread to countries including Britain, France, Spain and the US. It demands payment of $300 (£230) in bitcoin.

It is understood to be similar to the ransomware attack that recently hit the NHS, affecting 200,000 machines across 150 countries. 

Graeme Newman, chief innovation officer at CFC Underwriting warned that the impact of the latest incident would be much more severe.

“In actual terms, [WannaCry] inflicted relatively little damage. Petya, however, seems to be different.

“This new breed of ransomware looks much more dangerous.  Early indications suggest that this could cost organisations ten times more than WannaCry.”

“In terms of its global impact, we’re already seeing claims coming in from the US and are bracing ourselves for claims from other countries in the next few hours.”

Companies affected include US drug giant Merck, law firm DLA Piper as well as WPP and Maersk.

Ransomware accounted for 20.5% of CFC claims in the first quarter of 2017 – up from 12.9% year on year. 

Newman said last month that only 10% of UK companies were covered against a WannaCry or ransomware attack, including from internal sources.

“Fighting ransomware becomes a much more complex battle… considering that the cost of the ransom can actually be minimal compared to the cost of the ‘clean up’ operation,” he said.

Early indications suggest that this could cost organisations ten times more than WannaCry.

Sources said some insurers cover ransoms for their clients, raising concerns that criminals were effectively being incentivised to orchestrate cyber attacks. 

“Several insurers have been paying ransoms when insured are hit by ransomware as a quick way of resolving the issue,’ said Mark Hawksworth, Global Technology Specialist Practice Group Leader at Cunningham Lindsey.

“This only funds the cyber criminals and the short term gain can quickly turn painful if a firm is added to a ‘sucker-list’ by cyber criminals, indicating that you are susceptible to ransom.” 

Small brokers are the most vulnerable businesses in the insurance market. 

“Claims for this type of attack can quickly spiral out of control when the costs of system damage and business interruption are tallied. It’s easy to see how this new wave of attacks could end up costing businesses millions,” said Newman.

Security expert Chris Wysopal told the BBC that Petya was exploiting some of the same Windows operating system vulnerabilities as WannaCry. He said that because WannaCry was tackled so quickly these loopholes had not been addressed. He added the risk was most challenging for systems that could not experience down time, such as airports, and said that only two vendors polled had detected the virus. 

WannaCry was eventually contained when it was discovered that the virus was attached to a root domain, which was subsequently shut down. Experts warned that more sophisticated capabilities already exist which would make containing the spread more difficult.

Matthieu Suiche, a security researcher who helped created the “kill switch” that stopped WannaCry from spreading, told the New York Times the latest attack was an improved and more lethal version of the malware. He added that WannaCry had attempted to hit another 80,000 organizations in the past week.

Data protection and security is already high on the agenda for insurers ahead of sweeping regulatory changes, known as the GDPR, due to come into effect in May next year.

To learn more about cyber, you can register your interest to join our Cyber Insight 2017 event.