WORLDWIDE RANSOMWARE ATTACK
Ukraine paralysed, experts warn of massive global software virus attack
FOLLOWING the worldwide WannaCry ransomware attack in May, a new wave of massive cyberattack has struck targets globally since Tuesday.
Experts warn that the latest attack may grow even more and last longer.
Ukrainian authorities said on Tuesday that the attack has struck dozens of the country’s government agencies, banks and private companies.
The websites of the Ukrainian cabinet and several ministries, the country’s power distributor, the state railway operator, the largest airport, several banks, and a string of retail and fuel networks have been hit.
In addition, the radiation monitoring at the Chernobyl nuclear facility was reportedly affected by the attack.
Experts estimated that the attack, which has affected about 80 websites, was the largest in Ukraine’s modern history. Ukrainian Prime Minister Volodymyr Groysman has said that the information systems of Ukraine’s critical infrastructure were not affected by the cyberattack.
“It was an unprecedented attack, but our IT-experts are doing their job and protecting critical infrastructure. Important systems have not been affected,” Groysman wrote on Facebook.
According to Moscow-based cyber security company Group-IB laboratory, more than 80 companies in Russia and Ukraine came under cyberattacks on Tuesday, including Russia’s oil giant Rosneft.
The attack targeted a number of oil, telecommunications and financial companies in Russia and Ukraine, blocking computers and demanding $300 (R3 895) in Bitcoins, Group-IB told Russia’s Prime news agency.
According to media reports, other big companies in Europe affected by the attack include Danish shipping conglomerate Maersk, British advertising agency WPP, Dutch shipping company TNT Express, and French construction and high-performance materials company Saint Gobain.
Shut down
The cyberattack that had caused chaos in Europe also halted operations at the US Port of Los Angeles’ largest terminal on Tuesday.
The APM terminals, operated by the shipping giant AP Moller-Maersk which handles about 16 percent of the world’s shipping fleet, was shut down for hours on Tuesday as the company’s IT systems were disturbed, according to the Los Angeles Daily News.
Just weeks ago the world was gripped by a mysterious computer virus known as WannaCry, which infected 300 000 computers in 150 countries and wreaked havoc on some of the world’s largest companies.
Kaspersky Lab said that the new ransomware attack “is likely to grow even more.”
In an updated blog posting, the multinational cyber security and anti-virus services provider said its experts concluded that the new malware is significantly different from all earlier known versions of Petya, a family of encrypting ransomware that was first discovered in 2016.
Petya targets Microsoft Windows-based software systems, infecting the master boot record to execute a payload that encrypts the file table with the New Technology File System format, which is used by current Windows versions for storing and retrieving files on a hard disk or other data storage devices, demanding a payment in Bitcoin in order to regain access to the system.
Unofficially, the author of the posting noted, “we’ve named it ExPetr or NotPetya.” “The attack appears to be complex, involving several attack vectors,” according to the posting. “We can confirm that a modified EternalBlue exploit is used for propagation, at least within corporate networks.”
EternalBlue, generally believed to have been developed by the US National Security Agency to exploit a vulnerability in Microsoft’s implementation of the Server Message Block protocol, was made available on the Internet by the Shadow Brokers hacker group on April 14.