Massive cyberattack hits Europe with widespread ransom demands

A new wave of powerful cyberattacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.
Reports of attacks spread quickly on Tuesday afternoon. The Russian oil giant Rosneft and a subsidiary, Bashneft, were also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an “international company” there was affected, and Martijn Pols, a spokesman for the Port of Rotterdam, said one shipping company, APM Terminals, was targeted.
The virus even hit systems monitoring radiation at the site of the former Chernobyl nuclear power plant, where computers running Windows were temporarily knocked offline. By midday Tuesday, reports of cyberattacks had spread as far as India and the United States, where the Merck pharmaceutical giant reported on Twitter that “our company’s computer network was compromised today as part of global hack.” The New Jersey-based company said it was investigating the attack.
But the damage was worst in Ukraine, which first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, demanding ransoms from government employees in the cryptocurrency bitcoin.
The hack’s scale and the use of ransomware quickly recalled the massive May cyberattack in which hackers likely linked to North Korea disabled computers in more than 150 nations using a flaw that was once incorporated into the National Security Agency’s surveillance tool kit. That attack used the vulnerability to install ransomware called WannaCry.
Tuesday’s attacks used a different form of ransomware similar to a virus known as Petrwrap or Petya, according to Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab.
Cyber researchers have tied the vulnerability in Petya to the one used in WannaCry — a vulnerability discovered by the NSA years ago that the agency turned into a hacking tool dubbed EternalBlue. Petya works like WannaCry in that it is a worm that spreads quickly to vulnerable systems, said Bill Wright, senior policy counsel for Symantec, the world’s largest cybersecurity firm. But that makes it difficult to control — or to aim at anyone, he said.
“Once you unleash something that propagates in this manner, it’s impossible to control,” he said.
He also expressed puzzlement about why firms and governments are still being hit. Microsoft in March made available a patch for the Windows flaw that EternalBlue exploited. “If you were running an updated operating system and had the latest patch, you would be protected,” Wright said.
Symantec said in a report: “A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations. Similar to WannaCry, Petya uses the Eternal Blue exploit to propagate itself.”
The Petya ransomware was identified in 2016, wrote FireEye Senior Manager John Miller. The virus differs from other ransomware because it “overwrites the master boot record (MBR) and encrypts the master file table (MFT), which renders the system inoperable until the ransom has been paid.”
The American Gas Association said that the Petya ransomware “struck Europe at about 9 a.m. EDT” on Tuesday and has spread from “critical infrastructure sectors including banking, electric, and aviation in Ukraine” to other countries including Britain, Russia, Denmark and Spain. The association added: “Natural gas and electric sectors in the U.S. were alerted within minutes of the European report and are reviewing indicators to monitor and defend against infection.” It said that so far, “there are no known compromises related to this malware to domestic natural gas utilities.”
By midafternoon in Ukraine, breaches had been reported at computers governing the municipal energy company and airport in the capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine. Payment systems at grocery stores were knocked offline, as well as the turnstile system in the Kiev metro.
Ukrainian Deputy Prime Minister Pavlo Rozenko on Tuesday tweeted a picture of a computer screen warning in English that “one of your disks contains errors,” then adding in all capital letters: “DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL YOUR DATA!”
“Ta-Dam!” he wrote. “It seems the computers at the Cabinet of Ministers of Ukraine have been ‘knocked out.’ The network is down.” Other shots of computer screens attributed to government officials showed demands for a “ransom” in bitcoins to release data encrypted by the virus.
Ukraine’s National Bank said in a statement that an “unknown virus” has caused banks “difficulties in serving clients and carrying out banking operations.”
Suspicions among Ukrainian officials quickly fell on Russia, which annexed the Crimean Peninsula in 2014 and has backed separatists in eastern Ukraine. But no proof of Russian involvement in the hack was immediately made public. Ukraine has accused Russia of several large-scale assaults on the country’s power infrastructure in damaging cyberattacks.
Whatever its source, the virus appeared to be spreading Tuesday. A.P. Moller-Maersk Group, a Danish transport and energy conglomerate, announced that “Maersk IT systems are down across multiple sites and business units due to a cyber attack.”
The company was trying to determine exactly how broad the attack was. "We are assessing the situation, and of course the safety of our employees and our operations alongside our customers’ business — these are our top priorities," Maersk spokeswoman Concepcion Boo Arias said.
