A ransomware attack hit computers across the world on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.
Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.
“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the USA. pretty bad,” he said.
The US Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.
The first reports of organisations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain.
Within hours, the attack had gone global.
More than 80 companies in Russia and Ukraine were initially affected by the Petya virus that disabled computers and told users to pay US$300 in cryptocurrency to unlock them, according to the Moscow-based cybersecurity company Group-IB. Telecommunications operators and retailers were also affected and the virus is spreading in a similar way to the WannaCry attack in May, it said.
Rob Wainwright, executive director at Europol, said the agency is “urgently responding” to reports of the new cyber attack. In a separate statement, Europol said it’s in talks with “member states and key industry partners to establish the full nature of this attack at this time.”
Danish sea transport company Maersk, British advertising giant WPP and the French industrial group Saint-Gobain were among those who said they came under attack and put protection protocols in place to avoid data loss.
The first reports of trouble came from Ukrainian banks, Kiev’s main airport and Russia’s Rosneft, in a major incident reminiscent of the recent WannaCry virus.
IT experts identified the virus as “Petrwrap”, a modified version of the Petya ransomware which hit last year and demanded money from victims in exchange for the return of their data.
It also recalled a ransomware outbreak last month which hit more than 150 countries and a total of more than 200,000 victims with the WannaCry ransomware.
The virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a researcher at the Moscow-based computer security firm Kaspersky Lab said via Twitter.
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented” but insisted that “important systems were not affected.”
Ukraine’s central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.
Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the bank said in a statement.
Among those hit was Oschadbank, one of Ukraine’s largest banks.
Russian state oil giant Rosneft said earlier that its servers suffered a “powerful” cyberattack but thanks to its backup system “the production and extraction of oil were not stopped.”
The attacks on Russian and Ukrainian companies involved a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, said cybersecurity company Group IB.
Beyond Ukraine and Russia, the wave of cyberattacks also impacted Maersk, a global cargo shipping company and Saint-Gobain, a French company producing construction materials and British-based WPP.
“To protect our data we have isolated our systems,” Saint-Gobain said.
A Maersk representative said that company systems are “down across all business units due to a virus.”
The attacks started around 2 pm Moscow time (7 pm Hong Kong time), the group said, and quickly spread to 80 companies in Ukraine and Russia.
The cryptolocker demands US$300 in bitcoins and does not name the encrypting programme, which makes finding a solution difficult, said Group IB spokesman Evgeny Gukov in an emailed comment.
Attacks were also reported by the power company in Kiev, Kyivenergo. “We were forced to turn off all of our computers,” a company representative told Interfax Ukraine agency.
The attack also affected some Ukraine government computers and the website of Ukraine’s biggest airport Boryspil.
“The official airport website and the flight schedule are not working!” wrote airport director Pavlo Ryabykin on Facebook, though without confirming the website was hit by a virus.
The government press service said Petya hit “personal computers” of some individuals but not government servers.
Ukraine’s delivery service company Nova Poshta confirmed the virus that hit its computers was Petya.A.
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week.
Ransomware attacks have been soaring and the number of such incidents increased by 50 per cent in 2016, according to Verizon Communications.
Analysts at Symantec Corp, have said the new virus, called Petya, uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft’s Windows operating system.
Companies hit by the new global ransomware attack
Russia’s top oil producer Rosneft said its servers had been hit been a large-scale cyber attack but its oil production was unaffected.
Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyber attack had caused outages at its computer systems across the world.
Maersk’s port operator APM Terminals was also hit. Dutch broadcaster RTV Rijnmond reported that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world.
Britain’s WPP, the world’s biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyber attack.
MERCK & Co.
Pharmaceutical company Merck & Co. said in a tweet its computer network was compromised as part of a global hack.
Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.
All Russian branches of Home Credit consumer lender are closed because of a cyber attack, an employee of a Home Credit call centre in Russia said.
UKRAINIAN BANKS, POWER GRID
A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack that disrupted some operations, the Ukrainian central bank said.
UKRAINIAN INTERNATIONAL AIRPORT
Yevhen Dykhne, director of the capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook.
French construction materials company Saint Gobain said it had been a victim of a cyber attack, and it had isolated its computer systems to protect data.
German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyber attack.
Germany’s Metro said its wholesale stores in the Ukraine had been hit by a cyber attack and the retailer was assessing the impact.
Food company Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.
Russian steelmaker Evraz said its information systems had been hit by a cyber attack but its output was not affected.
A ransomware cyber attack is taking place in Norway and is affecting an unnamed international company, the Nordic country’s national security authority. – Additional reporting by Reuters
You can follow BangkokJack on Facebook & Twitter. Email tips and suggestions to firstname.lastname@example.org – Feel free to comment on story below