New cyber attacks paralyse global firms
‘PETRWRAP’ RANSOMWARE HITS RUSSIA AND UKRAINE BEFORE SPREADING TO WESTERN EUROPE
Aransomware attack hit computers across the world yesterday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks, and shutting down computers at multinational shipping and advertising firms.
Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch. “It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
He said he expected the outbreak to spread in the Americas as workers turned on vulnerable machines, allowing the virus to attack. “This could hit the US pretty bad,” he said.
The US Department of Homeland Security said it was monitoring reports of cyber attacks around the world and coordinating with other countries.
The first reports of organisations being hit emerged from Russia and Ukraine, but the impact quickly spread westwards to computers in Romania, the Netherlands, Norway, and Britain. Within hours, the attack had gone global.
S everal multinational companies said yesterday they were targeted in a massive wave of cyber attacks which started in Russia and Ukraine before spreading to western Europe.
Danish sea transport company Maersk, British advertising giant WPP and the French industrial group Saint-Gobain were among those who said they came under attack and put protection protocols in place to avoid data loss.
The first reports of trouble came from Ukrainian banks, Kiev’s main airport and Russia’s Rosneft oil giant, in a major incident reminiscent of the recent WannaCry virus.
IT experts identified the virus as “Petrwrap”, a modified version of the Petya ransomware which hit last year and demanded money from victims in exchange for the return of their data.
It also recalled a ransomware outbreak last month which hit more than 150 countries and a total of more than 200,000 victims with the WannaCry ransomware.
The virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a researcher at the Moscow-based computer security firm Kaspersky Lab said via Twitter.
Unprecedented attacks
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented” but insisted that “important systems were not affected.”
Ukraine’s central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures. Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the bank said in a statement.
Among those hit was Os-chadbank, one of Ukraine’s largest banks.
Russian state oil giant Rosneft said earlier that its servers suffered a “powerful” cyber attack but thanks to its backup system “the production and extraction of oil were not stopped.”
The attacks on Russian and Ukrainian companies involved a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, said cybersecurity company Group IB.
Beyond Ukraine and Russia, the wave of cyber attacks also impacted Maersk, a global cargo shipping company and Saint-Gobain, a French company producing construction materials and British-based WPP.
The attacks started around 2pm Moscow time (1100GMT), the group said, and quickly spread to 80 companies in Ukraine and Russia.
Attacks were also reported by the website of Ukraine’s biggest airport Boryspil.
Companies hit by online attack
Following is a list of firms and organisations hit by cyber attacks: Rosneft: Russia’s top oil producer Rosneft said its servers had been hit been a large-scale cyber attack but its oil production was unaffected.
A.P. Moller-Maersk: Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyber attack had caused outages at its computer systems across the world.
WPP: Britain’s WPP, the world’s biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyber attack.
Merck & Co.: Pharmaceutical company Merck & Co. said in a tweet its computer network was compromised as part of a global hack.
Russian banks: Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.
Ukrainian banks , power grid: A number of Ukrainian banks and companies, including the state power distributor, were hit, the Ukrainian central bank said. Ukrainian international Airport: Yevhen Dykhne, director of the capital’s Boryspil Airport, said it had been hit. Some flight delays are possible, Dykhne said in a post on Facebook. Saint Gobain: French construction materials company Saint Gobain said it had been a victim of a cyber attack, and it had isolated its computer systems to protect data. Deutsche Post: German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyber attack. Metro: Germany’s Metro said its wholesale stores in the Ukraine had been hit by a cyber attack and the retailer was assessing the impact.
How does it work? Is it used frequently? System flaw How to protect oneself What is ransomware?
Ransomware is malicious software which locks computer files and forces users to pay the attackers a designated sum in the virtual Bitcoin currency to regain access to the files.
Ransomware is used on PCs as well as tablets and smartphones. It can affect “at the same time individuals, businesses and institutions,” Amar Zendik, CEO security firm Mind Technologies said. Cyberpirates generally take control of computers by exploiting flaws in the internet.
That could happen when a user logs onto a web site that has been previously infected or opens an email that invites the user to click on a link or download an attachment. In a few seconds, the malware can be implanted. And when it’s installed, “it can’t be detected,” Laurent Marechal, a cyber security expert at McAfee, said.
It’s only afterwards that it “downloads the ‘payload’, that is the viral charge,” he said. From then on the computer work station is blocked. “Most often the user has to send an SMS” — and pay up — “in order to get the unblocking code,” says Marechal. Yes. And ransomware continues to multiply. According to security software Kapersky Lab, 62 new types of ransomware were identified last year.
And the US computer security software company McAfee said the number of “samples” detected increased by 88 per cent in 2016, totalling some four million. The culprits behind the cyberattacks in May apparently took advantage of a flaw in the Windows operating system. Simple rules to reduce risks of a ransomware attack, include regularly updating security software. In case of a cyberattack, disconnecting the infected equipment immediately from the network is advised. In the case of a virus affecting a business or an institution, the IT experts should be alerted right away.