Monday, 24 September, 2018

Large 'Petya' Cyberattack Hits Ukraine, And Experts Say It Could Spread

Ukraine Car bomb kills military intelligence officer Large 'Petya' Cyberattack Hits Ukraine, And Experts Say It Could Spread
Sherri Watson | 28 June, 2017, 02:57

American pharmaceutical company Merck & Co said its computer network had been affected by the global hack.

Like a previous attack that swept into more than 150 countries on May 12, Tuesday's virulent outbreak appeared to be powered by a US cyber weapon stolen from the National Security Agency.

The Petya ransomware is associated with a Bitcoin wallet and demands $300 in Bitcoins for decryption.

Attacks were reported in the UK, Spain and the Netherlands, along with Russia, Ukraine and Denmark, as well as in the United States. "There are few victims in the U.S.so far", Nick Bilogorskiy, senior threat director at Cyphort, a Santa Clara, California, cybersecurity firm, said in an emailed statement.

Researchers at Kaspersky said that after analyzing the ransomware sample used in Tuesday's attacks, they found that it was not actually a version of Petya, but a separate variant altogether. That is over £3,176 ($4,061.20) in the digital currency.

A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

For the moment, Ukraine has been the country most affected by the attack, which targeted the Kiev metro, the state-run Ukrenergo electricity company, the Ukrtelecom telephone company and several cell phone operators, among many other firms.

There may be delays in flights due to the situation.

SAINT GOBAIN: French construction materials company Saint Gobain said it had been a victim of a cyber attack, and it had isolated its computer systems to protect data.

"The company's servers underwent a powerful hacking attack", the company said on Twitter. The company's website was not available.

A Moscow-based cyber security firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting victims in Russian Federation and Ukraine. Eastern time, Ukraine has reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.

Apparently referring to a conflict over a regional oil producer with the Russian conglomerate Sistema, owned by oligarch Vladimir Yevtushenkov, Rosneft's statement added: "We hope that this has nothing to do with the current court proceedings". Ukraine's prime minister said the attack was unprecedented but that "vital systems haven't been affected".

"At this point, we are investigating whether the activity constitutes a significantly novel threat or an extension of known issues, as widespread ransomware campaigns are a regular occurrence at this time".

The agency did not name the companies affected, although German postal and logistics company Deutsche Post earlier said its systems in Ukraine had been affected.

The spread of the ransomware unfolded at alarming speed.

DHS is "monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our worldwide and domestic cyber partners", said McConnell.

BitDefender anti-virus also confirmed that ransomware seems to be spreading through the EternalBlue computer exploit, which is alleged to have been originally created by the NSA. The group contends it has many more tools that it will auction off to bidders.