A RANGE of organisations including big business and government offices in eastern Europe have been hit by a worldwide cyber attack.
The “massive ransomware campaign” has affected organisations ranging from global law firm DLA Piper, to advertising giant WPP and US pharmaceutical company Merck.
The hack has caused widespread disruption, with company and government officials reporting major disruption to the Ukrainian power grid, banks and government offices.
The latest attack comes just weeks after ransomware downed systems across the globe, including the NHS in the UK. More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.
The current ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made, is known as GoldenEye or Petya, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.
Victims of the malware can be asked to pay a 300 dollar ransom after their hard drive is encrypted, crashing their computer.
Mr Botezatu said on Tuesday evening that malware operators received 13 payments totalling 3,500 US dollars in digital currency in almost two hours.
He said: “Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide. “Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family.”
The National Cyber Security Centre, which is part of intelligence agency GCHQ, said there was a “global ransomware incident”. A spokesman said: “We are aware of a global ransomware incident and are monitoring the situation closely. “The NCSC website provides advice to the public and business on how to protect your digital systems.”
WPP, the world’s biggest advertising business, confirmed it had been hit, while DLA Piper has taken its email system down as a preventative measure. Russia’s Rosneft energy company also reported falling victim, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.
Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government’s headquarters has been shut down. In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl’s radiation monitoring system has been switched to manual and is operating normally.
Experts have raised questions around the suspected exploit, named EternalBlue, which is thought to be being used to spread the ransomware from one computer to another. The same exploit is said to have been used in the WannaCry attack.
Marco Cova, senior security researcher at anti-malware company Lastline said: “The Petya attack looks very similar in its dynamics and techniques to the WannaCry ransomware that caused large disruption just a few weeks ago.
“In particular, like WannaCry, it seems to rely on the EternalBlue exploit to automatically spread from one machine to another. “It’s still early in the infection lifecycle, but obviously, if it is confirmed that the EternalBlue is the only spreading mechanism, there will be inevitable questions about how organisations could still fall to this attack after all the publicity and support tools (patches, scanning tools, etc.) that were produced as part of the WannaCry response.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here