A new cyberattack similar to WannaCry is spreading across Europe, hitting major companies from Moscow to Copenhagen and disrupting governmen systems in Kiev.
More than 80 companies in Russia and Ukraine were affected by the Petya virus that disabled computers on Tuesday and demanded users pay $300 in cryptocurrency to unlock them. Telecommunications operators and retailers were also affected and the virus is spreading in a similar way to the WannaCry attack in May, said Moscow-based cybersecurity company, Group-IB.
Ukraine was hit especially hard. Anton Gerashchenko, an aide at the interior ministry, called the attack “the biggest in Ukraine’s history, " disguised as an attempt at extortion but with the real goal of "destabilising the economy and the civic consciousness of Ukraine.”
Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, “the whole network is down.” Ukraine’s prime minister said the attack was unprecedented but that “vital systems haven’t been affected.”
Kievenergo, a Ukrainian utility company, switched off all computers after the hack, while another power company, Ukrenergo, was also affected, though “not seriously.” Ukrainian airports and railways continued operating but the Ukrainian delivery service, Nova Poshta, had to halt services after its network was infected. Ukraine’s Central Bank posted an alert on its website warning it had been targeted by hackers.
In a statement, Kremlin-controlled Rosneft, Russia’s largest crude producer, said it had avoided “serious consequences” by switching to a backup system "for managing production processes.”
In Denmark, Maersk, operator of the world’s largest container line, said its customers were unable to use online booking tools and its internal systems were down. The attack was affecting multiple sites and units, including a major port operator and an oil and gas producer.
Spokesman Anders Rosendahl said, " We are talking about a cyberattack. It has affected all branches of our business, at home and abroad." , spokeswoman Concepcion Boo Arias said by phone.
Saint-Gobain, a French manufacturer, said its systems had also been infected, but would not elaborate. British media company WPP Plc said its IT systems had also been hit in "several" of its companies.
Ther is very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.
“A massive ransomware campaign is currently unfolding worldwide,” said Romanian cybersecurity company Bitdefender. Analyst Bogdan Botezatu said he had examined samples of the programme and that it appeared to be nearly identical to GoldenEye, one of a family of hostage-taking programmes that has been circulating for months.
It’s not clear whether or why the ransomware has suddenly become so much more potent, but Mr Botezatu said that it was probably spreading automatically across a network, without the need for human interaction. Self-spreading software, often described as “worms,” are particularly feared because they can spread rapidly, like a contagious disease.
“It’s like somebody sneezing into a train full of people,” said Mr Botezatu. “You just have to exist there and you’re vulnerable.”
The strikes follow the global ransomware assault involving the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists demanded $300 in bitcoin from victims. Ransomware attacks have been soaring and the number of such incidents increased by 50 percent in 2016, according to Verizon Communications Inc.
The new virus has a fake Microsoft digital signature appended to it and the attack is spreading to many countries, said Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab on Twitter.
Bloomberg and Associated Press
