
A massive cyberattack appears to have hit Europe, touching a number of countries, companies and public domains.

  • WPP, one of the world's largest advertising agencies, confirmed on Twitter that its IT system has been affected by a possible cyberattack. Employees at Ogilvy and other WPP agencies were sent home.
  • AP reports that Ukraine's prime minister Volodymyr Groysman said the cyberattack is 'unprecedented' but that 'vital systems' haven't been affected. Ukrainian banks and an electricity firm have been attacked, however, and a Ukrainian official wrote on his official Facebook page that a Ukrainian airport's IT systems had also been compromised.
  • Russia's state-controlled oil company (and the world's largest publicly listed oil company by production), PAO Rosneft, said it was under a "massive hacker attack" but said its oil production hadn't been affected, per WSJ.
  • The WSJ also reports that an attack brought down computer systems across Denmark's shipping giant Maersk, which runs the world's largest container operator.
  • A large percentage of infected machines appear to be Windows 7 and 10 with a majority running 64-bit OS, according to David Kennerley at Webroot.

Daniel Smith, security researcher at Radware, tells Axios the attack is a global ransomware campaign, meaning the attackers are demanding payment from victims in exchange for restoring access to their systems. "This outbreak is leveraging the ransomware variant PETRWRAP/PETYA and spreading via the EternalBlue exploit, similar to how WannaCry spread," said Smith. "The ransom requested is $300 BTC upon infection. There is only one BTC address associated with this campaign."

What is "Petya"? A strain of attack first reported in March that reboots victims' computers, encrypts their hard drive's master file table (instead of individual files) and renders their entire master hard drive inoperable. The Petya component includes many features that enable the malware to remain viable on infected systems, and the EternalBlue component enables it to proliferate through organizations that don't have the correct patches or antivirus software.

"This is a great example of two malware components coming together to generate more pernicious and resilient malware," said Phil Richards, chief information officer at Ivanti.

Timing: The attack comes just over a month after the massive WannaCry ransomware attack, conducted by a North Korean hacking group, that led to 300,000 breaches across 150 countries. Last October, a DDoS (distributed denial of service) cyberattack shut down a huge portion of the internet. Many organizations spent countless hours trying to patch the vulnerability exploited by the WannaCry attack and were not necessarily paying attention to other vulnerabilities in their devices, Kennerley said.

Who is responsible? Monzy Merza, head of cyber research for Splunk — a San Francisco software company that detects cyber-attacks and insider threats — speculates it might be Ukraine's neighboring countries or hackers nearby since geospatial proximity makes attacking easier. He also notes that the attackers were likely using Ukraine as a "testing ground" for future attacks.

Why it matters: Merza says people are becoming increasingly aware of these types of cyber attacks because they are starting to directly affect people outside of the cyber realm.

This story is being updated.
