A new wave of powerful cyberattacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.
Reports of attacks spread quickly on Tuesday afternoon.
The attack was confirmed to have spread beyond Europe when U.S. drugmaker Merck, based in New Jersey, said its systems had also been compromised.
The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a worldwide crisis. The Russian oil giant Rosneft and a subsidiary, Bashneft, were also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an “international company” there was affected, and Martijn Pols, a spokesman for the Port of Rotterdam, said one shipping company, APM Terminals, was targeted.
The virus even hit systems monitoring radiation at the site of the former Chernobyl nuclear power plant, where computers running Windows were temporarily knocked offline. By late Tuesday morning, reports of cyberattacks had spread as far as India and the United States.
But the damage was worst in Ukraine, which first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, demanding ransoms from government employees in the cryptocurrency bitcoin.
The hack’s scale and the use of ransomware quickly recalled the massive May cyberattack in which hackers likely linked to North Korea disabled computers in more than 150 nations using a flaw that was once incorporated by the National Security Agency’s surveillance tool kit. That attack used the vulnerability to install ransomware called WannaCry.
Tuesday’s attacks used a different form of ransomware similar to a virus known as Petrwrap or Petya, according to Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab.
By mid afternoon, breaches had been reported at computers governing the municipal energy company and airport in Ukraine’s capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine. Payment systems at grocery stores were knocked offline, as well as the turnstile system in the Kiev metro.
Ukrainian Deputy Prime Minister Pavlo Rozenko on Tuesday tweeted a picture of a computer screen warning in English that “one of your disks contains errors,” then adding in all capital letters: “DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL YOUR DATA!”
“Ta-Dam!” he wrote. “It seems the computers at the Cabinet of Ministers of Ukraine have been ‘knocked out.’ The network is down.” Other shots of computer screens attributed to government officials showed demands for a “ransom” in bitcoins to release data encrypted by the virus.
Ukraine’s National Bank said in a statement said that an “unknown virus” has caused banks “difficulties in serving clients and carrying out banking operations.”
Suspicions among Ukrainian officials quickly fell on Russia, which annexed the Crimean Peninsula in 2014 and has backed separatists in eastern Ukraine. But no proof of Russian involvement in the hack was immediately made public. Ukraine has accused Russia of several large-scale assaults on the country’s power infrastructure in damaging cyberattacks.
Whatever its source, the virus appeared to be spreading Tuesday. A.P Moller – Maersk Group, a Danish transport and energy conglomerate, announced that “Maersk IT systems are down across multiple sites and business units due to a cyber attack.”
The company was trying to determine exactly how broad the attack was. “We are assessing the situation, and of course the safety of our employees and our operations alongside our customers’ business – these are our top priorities,” Maersk spokeswoman Concepcion Boo Arias said.
Separately, the Russian oil giant Rosneft announced that its servers were hit by a “powerful hacking attack,” which knocked the company’s website offline Tuesday afternoon. Photographs leaked to the Russian business daily Vedomosti showed that computers at the Rosneft-owned regional oil company Bashneft were compromised by malware similar to the programs holding computers hostage in Ukraine.
Apparently referring to a conflict over a regional oil producer with the Russian conglomerate Sistema, owned by oligarch Vladimir Yevtushenkov, Rosneft’s statement added: “We hope that this has nothing to do with the current court proceedings.”
__________
Follow us on Twitter at @thesignalng
Copyright 2017 SIGNAL. Permission to use portions of this article is granted provided appropriate credits are given to www.signalng.com and other relevant sources.
