As a global cyberattack quickly spread across the world, infecting a slew of computers across Russia, the UK, Spain, Israel and more, one image reportedly showing a Ukrainian submarket in chaos has gone viral, reinforcing the real-world impact a major cyberattack can have.
Tweeted on 27 June by Maxim Eristavi, a fellow at Atlantic Council – and sourced from Twitter user Mikhail Golub – the picture shows bewildered shoppers looking on in confusion as every single computer terminal clearly displayed the ransomware demand.
"A supermarket in Ukraine. The country is under cyberattack," Eristavi wrote. The photo was purportedly taken in a shop in Kharkov, the second-largest city in Ukraine.
The cyberattack, initially blamed on a strain known as "Petya", infected machines across the globe on 27 June using a known US National Security Agency (NSA) exploit dubbed EternalBlue. Yet according to Kaspersky Lab, the malware may be a strain never seen before.
"If you see this text then your files are no longer accessible because they have been encrypted," the ransom note read to victims. "Perhaps you are busy looking to recover your files but don't waste your time," it added, before asking for $300 worth of Bitcoin, a digital currency.
The latest outbreak hit major banks, businesses and even some Ukrainian airports. In May, another worldwide cybercrime pandemic was blamed on a ransomware called "WannaCry", which eventually impacted more than 250,000 machines in 150 countries.
The group behind the latest attack remains unknown.
A spokesperson from the UK National Cyber Security Centre (NCSC), an off-shoot of signals intelligence agency GCHQ who are responsible for probing attacks and breaches, said: "We are aware of a global ransomware incident and are monitoring the situation closely."
ESET researcher Robert Lipovsky noted: "The outbreak appears to have started in Ukraine, where reports indicate that the financial sector, energy sector and numerous other industries have been hit. The scope of the damage caused is not yet confirmed."
One Malwarebytes analyst, who uses the name Hasherezade, added: "We are researching the attack. What we have uncovered is that the ransomware seems to be distributed by Server Message Block (SMB), which is the same as the WannaCry incident that came before it."
The image was used with permission from Mikhail Golub