Ransomware attack causes disruptions across globe

Cyberattacks in Ukraine, Denmark and Russia, among others, target companies, banks and government offices.

cyberattack
There is very little information yet about who might be behind the disruption [Reuters]

A massive new international cyberattack via a ransomware virus dubbed Petya has paralysed businesses across Europe and is spreading elsewhere.

Several major corporations on Tuesday said they had been targeted in the cyberattack which started in Ukraine and Russia before hitting other European countries. 

Danish shipping giant Maersk, Russia’s Rosneft oil firm, British advertising agency WPP and the French industrial group Saint-Gobain all said they came under attack and put protection protocols in place to avoid data loss.

One of the countries particularly hit was Ukraine, where serious intrusions at the power grid, banks and government offices were experienced. Boryspil Airport in the capital, Kiev, was also affected.

TARGETS HIT IN CYBERATTACK:

UKRAINE: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack that disrupted some operations, the Ukrainian central bank said. Kiev’s Boryspil Airport was also hit.

Rosneft: Russia’s top oil producer said its servers had been hit by a large-scale cyberattack but its oil production was unaffected.

A.P. MOLLER-MAERSK: The Danish shipping giant said a cyberattack had caused outages at its computer systems across the world. Maersk’s port operator APM Terminals was also hit.

WPP: The world’s biggest advertising company said computer systems within several of its agencies had been hit by a suspected cyberattack.

MERCK & Co: The pharmaceutical company MERCK & Co. said on Twitter its computer network was compromised as part of a global hack.

RUSSIAN BANKS: Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.

SAINT Gobain: The French construction materials company Saint Gobain said it had been a victim of a cyberattack.

DEUTSCHE POST: The German postal and logistics company said systems of its Express division in the Ukraine have in part been affected by a cyberattack.

METRO: The German retailer said its wholesale stores in the Ukraine had been hit by a cyberattack.

EVRAZ: The Russian steelmaker said its information systems had been hit by a cyberattack but its output was not affected.

NORWAY: A ransomware cyberattack is affecting an unnamed international company, the country’s national security authority said.

 

Artem Shevchenko, head of the communications department at the Ukrainian ministry of internal affairs, told Al Jazeera that authorities had launched a criminal investigation after the “unprecedented cyberattack”.

“Ukraine has never faced [such a cyberattack] before,” he said from Kiev, adding that “all state authorities are involved in the fighting” of the virus.

“The cyber police has received more than 200 reports about interferences in computers with damaging software. Under attack are the state and corporate sector: post offices, banks, transport infrastructure, the main office of the railway station, and other facilities.”

Pavlo Rozenko, the country’s deputy prime minister, posted a picture of a darkened computer screen to Twitter, saying that the computer system at the government’s headquarters has been shut down.

The National Bank of Ukraine said in a statement it had warned banks “about an external hacker attack on the websites of some Ukrainian banks”.

Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, it added.

A cyberattack was also reported by the Kyivenergopower company in the capital. “We were forced to turn off all of our computers,” a company representative told Interfax-Ukraine agency.

Some radiation checks at the Chernobyl nuclear disaster site in Ukraine were being carried out manually as a result of the attacks, state media said.

Ransomware suspected

Researchers with multiple technology companies identified the ransomware as Petya, malware that makes computers inoperable by encrypting their hard drives and demands ransoms in exchange for a digital key to restore access.

The cyberattack comes as the world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly since mid-May using digital break-in tools originally created by the US National Security Agency and recently leaked to the web.

The spread of the WannaCry ransomware, which locked up hundreds of thousands of computers in more than 150 countries, has slowed in June, but security experts have warned that new versions of the worm may strike.

Commenting on Tuesday’s cyberattack, Gavin Millard, a cyber security analyst, told Al Jazeera from London: “It looks like a derivative of a quite well-known ransomware called Petya, but the code has been modified to act somewhat like WannaCry.”

He added: “Looking through some of the forensic data, it is actually leveraging the same vulnerability as WannaCry to spread the violence. With virus infections of this nature, it is quite often not a targeted attack. It is mostly a patient zero that spreads it to whoever they connect to.”

The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.

WannaCry: A new era of cyber security – Counting the Cost

Major impact

In Denmark, Maersk said a cyberattack had caused outages at its computer systems across the world.

“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based shipping giant. “It has affected all branches of our business, at home and abroad.”

Rosneft, Russia’s leading oil producer, also said on Twitter that a powerful hacking attack has been carried out against the company’s servers.

Cyber crime and security: A Russian perspective – Counting the Cost (feature)

It said the attack “could have had serious consequences” but said that thanks to a back-up system “the production and extraction of oil were not stopped.”

Russian steelmaker EVRAZ said it was also affected by cyber attacks, adding that production was not affected.

Britain’s WPP, the world’s biggest advertising agency, said on Tuesday that it had been hit by a cyberattack, one of many major companies to face major disruption.

A spokesman confirmed it had been affected without giving any further details. The company’s website was not available.

US pharmaceutical giant MERCK said it had been hit, posting on Twitter that its “computer network was compromised today as part of global hack. Other organisations have also been affected”.

In Germany, the country’s federal cyber agency said German companies were also affected and urging firms to report any issues to authorities.

The BSI agency did not name the companies affected, although German postal and logistics company Deutsche Post earlier said its systems in Ukraine had been affected.

The cyberattack had also affected an unnamed “international company” in Norway, the country’s national security authority said.

“We see there is a ransomware attack that is actually ongoing. Only one international company has been affected in Norway,” said a spokeswoman for the authority, who declined to name the company.

Who is to blame for the massive ransomware attack?

Source: Al Jazeera, News Agencies