Last week's globe-spanning ransomware outbreak may have started with a remarkably simple attack. This morning, independent security analyst Jonathan Nichols discovered an alarming vulnerability in the update servers for Ukrainian software company MeDoc, one of the companies at the center of the attack.

Researchers believe that many of the initial Petya infections were the result of a poisoned update from MeDoc, which sent out malware disguised as a software update. But according to Nichols' research, sending out that poisoned update may have been a relatively simple task, thanks to underlying weaknesses in the company's security.

Read the full story at The Verge.

In the wake of last week's massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was like done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.

"As important government systems have been targeted, then in case the operation is attributed to a state this co …

Read the full story at The Verge.

The global Petya virus has "significantly affected" the worldwide operations of TNT Express, a subsidiary of FedEx that's based in the Netherlands. Both the domestic and international shipping services remain operational, but they are experiencing delays, the companies say. FedEx halted trading of its shares shortly after the announcement, but all other FedEx-owned companies are so far unaffected.

"We cannot measure the financial impact of this service disruption at this time, but it could be material," FedEx writes in a statement about the service disruption. The company adds that "remediation steps and contingency plans are being implemen …

Read the full story at The Verge.

The virus that began spreading through European computers yesterday informed users that they could unlock their machines by paying a $300 ransom. But it looks like the program's creators had no intention of restoring the machines at all. In fact, a new analysis reveals they couldn't; the virus was designed to wipe computers outright.

Matt Suiche, founder of the cybersecurity firm Comae, writes in a blog post today that after analyzing the virus, known as Petya, his team determined that it was a "wiper," not ransomware. "We can see the current version of Petya clearly got rewritten to be a wiper and not a actual ransomware," Suiche writes.

Read the full story at The Verge.

After thousands of infections, the new Petya ransomware has run into its first major problem, as a German email provider has blocked the email account the virus was using to manage ransom demands. Victims should be advised not to pay into the wallet, since it's unlikely the attackers can successfully decrypt systems at this point.

The problem is caused in part by Petya's unorthodox method for collecting ransom payments. Most ransomware programs create a unique wallet for each infection, making it easy to know which victim is responsible for each payment. But Petya broke with that practice, asking every victim to send their $300 payment to t …

Read the full story at The Verge.