Massive International Ransomware Attack Hits Merck, Pennsylvania Hospital

A massive ongoing ransomware attack has hit conglomerates worldwide, including Merck, as the pharmaceutical giant confirmed earlier today.

The sprawling infection was first noticed wreaking havoc on Ukrainian infrastructure. The networks of Ukraine’s national bank, largest airport, and state power company all came down, paralyzing ATMs and delaying flights. It has spread rapidly over the last 24 hours. Rosneft, Russia’s largest oil company, also reported suffering the attack, as did Danish shipping colossus Maersk. Food company Mondelēz International also reported “experiencing a global IT outage” without confirming a ransomware attack.

Merck facilities in Pennsylvania and New Jersey experienced the effects of the attack around 8AM today. Reports indicate that the attack is impacting Merck’s international subsidiaries as well, with Forbes reporting that Merck Sharp & Dohme (MSD) in Ireland was impacted. An hour after Merck’s main Twitter page confirmed their network had been compromised, the MSD Twitter page posted a nearly-identical statement.

The ransomware reportedly demands a payment of $300 in bitcoin to release the infected computer and restore its data.

The attack was dubbed “Petya” in many early media reports based on perceived similarity to other malware, but researchers from Kaspersky Lab determined that “preliminary findings suggest it is not a variant of Petya…but a new ransomware that has not been seen before.” As such, they termed it “NotPetya” on Twitter. As with WannaCry before it, it seems to be using an exploit method derived from leaked NSA hacks.

Microsoft did, in fact, release a series of patches addressing that EternalBlue exploit. The headaches the attack is causing may not clear up even after the computers are unlocked, if it is found that multibillion dollar companies fell victim to a preventable attack.

So far in the United States, one hospital system has been hit. Heritage Valley Health System, a Pittsburgh-area health group that serves parts of Pennsylvania, Ohio, and West Virginia, has reportedly been suffering the effects of the ransomware attack. "Heritage Valley Health System has been affected by a cybersecurity incident. The incident is widespread and is affecting the entire health system including satellite and community locations," a spokesperson said.

Medical machines running unpatched versions of Windows in kiosk mode may be at risk: during WannaCry, Bayer-made cardiology equipment was compromised in at least one American hospital. Pictures circulating on Twitter today show ATMs and grocery store registers in Ukraine with the NotPetya ransom message locking their screens.

IT researchers quickly warmed to the collaborative task of fighting back against the attack, believing themselves to have found a "vaccine, not killswitch," to keep computers safe from infection.

This story will be updated as more information becomes available. For more on the threat ransomware poses in healthcare, read our recent feature For Hospitals, the Ransomware Threat is Here to Stay.