Ukraine paral­ysed, ex­perts warn of mas­sive global soft­ware virus at­tack

The Star Early Edition - - BUSINESS REPORT - Xinhua

FOL­LOW­ING the world­wide Wan­naCry ran­somware at­tack in May, a new wave of mas­sive cy­ber­at­tack has struck tar­gets glob­ally since Tues­day.

Ex­perts warn that the lat­est at­tack may grow even more and last longer.

Ukrainian author­i­ties said on Tues­day that the at­tack has struck dozens of the coun­try’s gov­ern­ment agen­cies, banks and pri­vate com­pa­nies.

The websites of the Ukrainian cab­i­net and sev­eral min­istries, the coun­try’s power dis­trib­u­tor, the state rail­way op­er­a­tor, the largest air­port, sev­eral banks, and a string of re­tail and fuel net­works have been hit.

In ad­di­tion, the ra­di­a­tion mon­i­tor­ing at the Ch­er­nobyl nu­clear fa­cil­ity was re­port­edly af­fected by the at­tack.

Ex­perts es­ti­mated that the at­tack, which has af­fected about 80 websites, was the largest in Ukraine’s mod­ern history. Ukrainian Prime Min­is­ter Volodymyr Groys­man has said that the in­for­ma­tion sys­tems of Ukraine’s crit­i­cal in­fra­struc­ture were not af­fected by the cy­ber­at­tack.

“It was an un­prece­dented at­tack, but our IT-ex­perts are do­ing their job and pro­tect­ing crit­i­cal in­fra­struc­ture. Im­por­tant sys­tems have not been af­fected,” Groys­man wrote on Face­book.

Ac­cord­ing to Moscow-based cy­ber se­cu­rity com­pany Group-IB lab­o­ra­tory, more than 80 com­pa­nies in Rus­sia and Ukraine came un­der cy­ber­at­tacks on Tues­day, in­clud­ing Rus­sia’s oil gi­ant Ros­neft.

The at­tack tar­geted a num­ber of oil, telecom­mu­ni­ca­tions and fi­nan­cial com­pa­nies in Rus­sia and Ukraine, block­ing com­put­ers and de­mand­ing $300 (R3 895) in Bit­coins, Group-IB told Rus­sia’s Prime news agency.

Ac­cord­ing to me­dia reports, other big com­pa­nies in Europe af­fected by the at­tack in­clude Dan­ish ship­ping con­glom­er­ate Maersk, Bri­tish ad­ver­tis­ing agency WPP, Dutch ship­ping com­pany TNT Ex­press, and French con­struc­tion and high-per­for­mance ma­te­ri­als com­pany Saint Gobain.

Shut down

The cy­ber­at­tack that had caused chaos in Europe also halted op­er­a­tions at the US Port of Los An­ge­les’ largest ter­mi­nal on Tues­day.

The APM ter­mi­nals, op­er­ated by the ship­ping gi­ant AP Moller-Maersk which han­dles about 16 per­cent of the world’s ship­ping fleet, was shut down for hours on Tues­day as the com­pany’s IT sys­tems were dis­turbed, ac­cord­ing to the Los An­ge­les Daily News.

Just weeks ago the world was gripped by a mys­te­ri­ous com­puter virus known as Wan­naCry, which in­fected 300 000 com­put­ers in 150 coun­tries and wreaked havoc on some of the world’s largest com­pa­nies.

Kasper­sky Lab said that the new ran­somware at­tack “is likely to grow even more.”

In an up­dated blog post­ing, the multi­na­tional cy­ber se­cu­rity and anti-virus ser­vices provider said its ex­perts con­cluded that the new mal­ware is sig­nif­i­cantly dif­fer­ent from all ear­lier known ver­sions of Petya, a fam­ily of en­crypt­ing ran­somware that was first dis­cov­ered in 2016.

Petya tar­gets Mi­crosoft Win­dows-based soft­ware sys­tems, in­fect­ing the mas­ter boot record to ex­e­cute a pay­load that en­crypts the file ta­ble with the New Tech­nol­ogy File Sys­tem for­mat, which is used by cur­rent Win­dows ver­sions for stor­ing and re­triev­ing files on a hard disk or other data stor­age de­vices, de­mand­ing a pay­ment in Bit­coin in or­der to re­gain ac­cess to the sys­tem.

Un­of­fi­cially, the au­thor of the post­ing noted, “we’ve named it ExPetr or NotPetya.” “The at­tack ap­pears to be com­plex, in­volv­ing sev­eral at­tack vec­tors,” ac­cord­ing to the post­ing. “We can con­firm that a mod­i­fied Eter­nalBlue ex­ploit is used for prop­a­ga­tion, at least within cor­po­rate net­works.”

Eter­nalBlue, gen­er­ally be­lieved to have been de­vel­oped by the US Na­tional Se­cu­rity Agency to ex­ploit a vul­ner­a­bil­ity in Mi­crosoft’s im­ple­men­ta­tion of the Server Mes­sage Block pro­to­col, was made avail­able on the In­ter­net by the Shadow Bro­kers hacker group on April 14.


Em­ploy­ees read a ran­somware de­mand for the pay­ment of $300 worth of Bit­coin on com­put­ers in­fected by the “Petya” soft­ware virus in a re­tail store in Kiev, Ukraine, on Wed­nes­day. The cy­ber­at­tack sim­i­lar to Wan­naCry be­gan in Ukraine on Tues­day.

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.