Published: Wed, June 28, 2017
Business | By Max Garcia

'Petya' Cyberattack Cripples Ukraine, And Experts Say It's Spreading Globally


The Maersk shipping company, based in Denmark, has confirmed that its "IT systems are down across multiple sites and business units due to a cyber attack".

APM Terminals, owned by Maersk, experienced system issues at multiple terminals, including the Port of NY and New Jersey, the largest port on the US East Coast, and Rotterdam in The Netherlands, Europe's largest harbour. Indian subsidiaries of United Kingdom and Russia-based oil and gas, energy and aviation companies were also hit.

"We confirm our company's computer network was compromised today as part of a global hack".

So far there was no clear indication of who was behind the attack. While banks and retailers have strengthened defences against certain types of attacks, such as those targeting credit card data, many others are still catching up in guarding against ransomware. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.

"We are continuing to investigate and will take appropriate action to protect customers", a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.

Group IB said the ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.

"The ransomware, called Petwrap, is based on an older Petya variant, originating from the GoldenEye malware in December 2016", Phil Richards, chief information security officer for IT services firm Ivanti - formerly LANDESK - said in a statement.

Kaspersky Lab believes the strain is a "new ransomware that has not been seen before", despite its strong resemblance to Petya.

Organizations should be protected if they had installed a fix that Microsoft issued in March.

Any requests for help from DHS, McConnell says, are confidential.

In France, the national cyber watchdog ANSSI said it was analysing the attacks and hoped to publish recommendations for users in a matter of hours.

"This morning the National Bank of Ukraine has warned banks and other financial market participants about an external hacker attack on the websites of some Ukrainian banks, as well as commercial and public enterprises", the statement read.

The threat does not have "a known, viable external spreading mechanism - such as the Internet", so "it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc", according to Williams.

Companies don't patch for a variety of reasons: their machines don't support the patch, it's too expensive to do it, it might disrupt their services or they simply forget about an outdated computer on their network. He says it's too early for official confirmation of the targets in Ukraine but local media are reporting ATMs and some gasoline distribution to filling stations have been affected.

This ransomware was much more advanced than WannaCry, according to Craig Williams, senior tech lead and security outreach manager at Cisco Talos.

Ukraine's vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers have been affected.

The Chernobyl nuclear power plant was also hit by the cyber attack, according to a Ukrainian federal agency.

A representative of the agency said only the radiation checks on personnel entering and leaving the zone were being done manually, while all other radiation monitoring was being carried out as normal.

It is more risky and intrusive as it is programmed to encrypt the Master File Tree tables for NTFS partitions and overrides the Master Boot Record (MBR) with a custom bootloader to display a ransom note and prevents victims from booting up, it said.
