Cyber attack hits servers in Europe
A large ransomware attack hit computers at Russia’s biggest oil company, the country’s banks, Ukraine’s international airport as well as global shipping firm AP Moller-Maersk.
A large ransomware attack hit computers at Russia’s biggest oil company, the country’s banks, Ukraine’s international airport as well as global shipping firm AP Moller-Maersk.
Moscow-based cyber security firm Group IB said hackers had exploited code developed by the US National Security Agency that was leaked and then used in the WannaCry ransomware attack that caused global disruption in May.
One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and it had received a demand for $300 worth of the Bitcoin cryptocurrency to have access to its files restored.
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted by Ukraine’s Channel 24.
The same message appeared on computers at Maersk offices in Rotterdam, according to screenshots posted on local media.
Other companies that said they had been hit by a presumed cyber attack included Russian metal maker Evraz, French construction materials firm Saint Gobain and the world’s largest advertising agency, WPP — though it was not clear if their problems were caused by the same virus.
Food company Mondelez International also said its staff in different regions were experiencing technical problems.
Cyber security firms scrambled to understand the scope and effect of the attacks, seeking to confirm suspicions that hackers had leveraged the same type of National Security Agency hacking tool exploited by WannaCry and to identify ways to stop the onslaught.
Researchers identified the ransomware as Petya, which encrypts computer hard drives and demands ransoms in exchange for a digital key to restore access. “It’s like WannaCry all over again,” said F-Secure chief research officer Mikko Hypponen.
He expected the outbreak to be reported in the Americas as workers turned on vulnerable machines.