The virus even downed systems at the site of the former Chernobyl nuclear power plant , forcing scientists to monitor radiation levels manually . Cyberattacks also spread as far as India and the United States , where the pharmaceutical giant Merck reported on Twitter that “ our company ’ s computer network was compromised today as part of global hack. ” The New Jersey-based company said it was investigating the attack . Cyber researchers say that the virus , which was linked to malware called Petrwrap or Petya , used an “ exploit ” developed by the National Security Agency that was later l eaked Attack.Databreachonto the Internet by hackers . It is the second massive attack in the past two months to turn powerful U.S. exploits against the IT infrastructure that supports national governments and corporations . The onslaught of r ansomware attacks Attack.Ransommay be the “ new normal , ” said Mark Graff , the chief executive of Tellagraff , a cybersecurity company . “ The emergence of Petya and WannaCry really points out the need for a response plan and a policy on what companies are going to do about ransomware , ” he said . T he attack Attack.Ransommainly targeted Eastern Europe but also h it Attack.Ransomcompanies in Spain , Denmark , Norway and Britain . Victims included the British advertising and marketing multinational WPP and a shipping company , APM Terminals , based at the port of Rotterdam . But the damage was worst in Ukraine . Researchers at Kaspersky Lab ’ s Global Research and Analysis Team , in Russia , estimated that 60 percent of infected computers were in Ukraine and 30 percent in Russia . The hacks targeted government ministries , banks , utilities and other important infrastructure and companies nationwide , d emanding ransoms Attack.Ransomfrom government employees in the cryptocurrency bitcoin . The hacks ’ scale and the use of ransomware recalled the massive cyberattack in May in which hackers possibly linked to North Korea disabled computers in more than 150 nations using a flaw that was once incorporated into the National Security Agency ’ s surveillance tool kit . Cyber researchers have tied the vulnerability exploited by Petya to the one used by WannaCry — a weakness d iscovered Vulnerability-related.DiscoverVulnerabilityby the NSA years ago that the agency turned into a hacking tool dubbed EternalBlue . Petya , like WannaCry , is a worm that spreads quickly to vulnerable systems , said Bill Wright , senior policy counsel for Symantec , the world ’ s largest cybersecurity firm . But that makes it difficult to control — or to aim at anyone in particular , he said . “ Once you unleash something that propagates in this manner , it ’ s impossible to control , ” he said . Although Microsoft in March m ade available Vulnerability-related.PatchVulnerabilitya patch for the Windows flaw that EternalBlue exploited , Petya uses other techniques to infect systems , said Jeff Greene , Symantec government affairs director .
The exploit , which h as now been patched,Vulnerability-related.PatchVulnerabilityaffected customers banking with hundreds of financial institutions US-based financial services firm Fiserv h as just fixed Vulnerability-related.PatchVulnerabilitya flaw in its web platform that exposed the personal and financial details of a vast number of banking customers . With more than 12,000 clients across the world using the company 's services , it is hard to establish how many customers ' details w ere exposed Attack.Databreachin the 'information disclosure vulnerability ' f ound Vulnerability-related.DiscoverVulnerabilityby security researcher Kristian Erik Hermansen . When logging into his local bank , which uses Fiserv 's platform , Hermansen learned email alerts for financial transactions were assigned an 'event number ' , which he successfully predicted were distributed in sequence , according to KrebsOnSecurity . Using this knowledge , the researcher was able to directly view alerts set up by another customer by rewriting the site 's code in his browser and sending a request for an altered event number . He was able to view the customer 's email address , phone number and bank account number - as well as view and edit alerts they had previously set up . `` I should n't be able to see this data , '' he said . `` Anytime you spend money that should be a private transaction between you and your bank , not available for everyone else to see . '' He added a criminal could have exploited the flaw to s teal Attack.Databreachinformation from customers . Together with KrebsOnSeceurity author Brian Krebs , Hermansen worked to v erify Vulnerability-related.DiscoverVulnerabilitywhether or not the flaw was exclusive to his own bank 's installation of the platform . They soon d iscovered Vulnerability-related.DiscoverVulnerabilityhundreds of other Fiserv-affiliated banks may h ave been just as vulnerable Vulnerability-related.DiscoverVulnerabilityas those they had tested . IT Pro approached Fiserv for comment , and to establish how many institutions in the UK may have been affected , if any , but the company did not respond at the time of writing . A spokesperson told Krebs that Fiserv had responded accordingly , and c orrected Vulnerability-related.PatchVulnerabilitythe issue . `` After receiving your email , we promptly engaged appropriate resources and worked around the clock to research and remediate the situation , '' the spokesperson said . `` We d eveloped Vulnerability-related.PatchVulnerabilitya security patch within 24 hours of receiving notification and d eployed Vulnerability-related.PatchVulnerabilitythe patch to clients that utilise a hosted version of the solution . We w ill be deploying Vulnerability-related.PatchVulnerabilitythe patch this evening to clients that utilise an in-house version of the solution . '' While information disclosure vulnerabilities are among the most common types of website security issues , according to Krebs , they are also the most preventable and easy to f ix.Vulnerability-related.PatchVulnerabilityBut they can also cause just as much damage to a company 's brand as more severe security risks .