
Large Cyberattack Hits Ukraine, Snarling Electric Grids And Banks

Several major firms say targets of international cyberattack
Melinda Barton | 29 June, 2017, 08:58

The cyber attack is believed to be a form of ransomware, which Cert NZ describes as malicious software that shuts down computers and demands a ransom to be paid for them to be unlocked.

The Ukraine president's deputy head of administration, Dmytro Shymkiv, said its officials were paying a "high level of attention" to the attack, but its IT systems were operating as normal.

Beyond Ukraine and the Russian Federation, the wave of cyberattacks also impacted Maersk, a global cargo shipping company; Saint-Gobain, a French company producing construction materials; and British-based WPP.

A new wave of powerful cyberattacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

"Due to the temporary disconnection of the Windows system, the radiation monitoring in the area of the industrial site is carried out manually", the agency for control of the Chernobyl exclusion zone said in a statement.

The scale and use of ransomware has similarities to last month's cyber attack, which some experts linked to North Korea.

"We are talking about a cyberattack", said Anders Rosendahl, a spokesman for the Copenhagen-based shipping group.

The British National Cyber Security Centre said it was "aware of the global ransomware incident" and is "monitoring the situation closely".

"The criminals behind this attack are asking for $300 in Bitcoins to deliver the key that decrypts the ransomed data, payable to a unified Bitcoin account", Kaspersky said in a news update late Tuesday afternoon, noting that the culprits asked victims to send electronic payment via email.

In other words, Petya encrypts the computer's entire hard disk, rather than individual files and applications, which was how WannaCry operated. "Perhaps you are busy looking for a way to recover your files, but don't waste your time".

The same message appeared on computers at Maersk offices in Rotterdam, according to screenshots posted on local media.

"Petya is different and could be much worse", said Morey Haber, vice president of technology at BeyondTrust. "The main takeaway is that WannaCry only had one method to propagate".

Reports also said the attacks impacted Russian metal maker Evraz, French construction materials firm Saint-Gobain and the world's biggest advertising agency, WPP, but it could not be ascertained whether it was by the same virus.

Among the American targets are the giant Merck pharmaceutical company in New Jersey; the Mondelez food company, which produces Oreo cookies; and a major multinational law firm, DLA Piper. Rosneft said that the company narrowly avoided major damage.

Chris Wysopal of security company Veracode was quoted by the BBC as saying the malware seemed to be spreading via some of the same Windows code loopholes exploited by WannaCry. Many firms did not patch those holes because WannaCry was tackled so quickly, he added.

Heavily concentrated in the Russian Federation and Ukraine, Petya infections have also been seen across Europe at large, with reports coming in from Denmark and Spain - and even the United States, which may indicate the potential for a greater spread across the world.