A major global cyber attack dubbed “GoldenEye” or “Petya” on Tuesday disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware virus that last month infected more than 300,000 computers.
The attack underscores growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
“Cyber attacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do to fix the problem.
The ransomware virus crippled computers running Microsoft Corp’s (MSFT.O) Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.
It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the U.S. National Security Agency and was also used in last month’s ransomware attack, named “WannaCry.”
Victims could have protected themselves from attack by updating computers with security patches from Microsoft and configuring their networks to stop viruses targeting a widely used Windows networking protocol, said Symantec Corp (SYMC.O) researcher Eric Chien.
“This shouldn’t be that big a deal because people should have already patched,” he said.
Some 2,000 attacks were observed as of midday in New York on Tuesday, according to Kaspersky Lab. Russia and Ukraine were most affected, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States, the security software maker said.
Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.
Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.
A Microsoft spokesman said the company was investigating the attacks.
The U.S. Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.
The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.