KIEV: A wave of cyberattacks hit Russia and Ukraine before spreading to western Europe and North America on Tuesday, in the second global outbreak of so-called ransomware in less than two months.
Ukraine’s central bank, Kiev’s main airport, the Chernobyl nuclear disaster site, and a string of multinational companies, including US pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and French industrial group Saint-Gobain, were among the victims.
The virus is similar in its demands to the WannaCry ransomware, which swept the world last month, hitting more than 200,000 users in more than 150 countries. WannaCry locked up files and insisted on payment to regain access to them.
Some IT specialists identified the newcomer as “Petrwrap”, a modified version of ransomware called Petya which circulated last year. But global cybersecurity firm Kaspersky Lab described it as a new form of ransomware, and estimated the number of victims at around 2,000.
The virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a Kaspersky Lab researcher said in a Twitter post.
The precise method by which the intruder circulates — such as by email or through a “worm” — remains unclear, specialists said.
In France, the national cyber watchdog ANSSI said it was analysing the attacks and hoped to publish recommendations for users in a matter of hours.
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented” but insisted that “important systems were not affected.”
However, the radiation monitoring system at Ukraine’s Chernobyl nuclear disaster site was taken offline.
“Our technicians are measuring radioactivity with Geiger counters onsite at the reactor as was done decades ago,” said Olena Kovaltshuk, spokesman for the government agency managing the exclusion zone around Chernobyl.
The attacks started around 2:00 pm Moscow time (1100GMT) and quickly spread to 80 companies in Ukraine and Russia, said cybersecurity company Group IB.
Victims were locked out of their computer and told to purchase a key to reinstate access. The cryptolocker demands $300 in the virtual currency Bitcoin and does not name the encrypting programme, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov said.
Some Ukrainian banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the central bank said in a statement.
Rosneft said its servers suffered a “powerful” cyberattack but thanks to its backup system “the production and extraction of oil were not stopped.”
In the United States, Merck was hit as was New York law firm of DLA Piper.
“We confirm our company’s computer network was compromised today as part of a global hack. Other organizations have also been affected,” Merck said on Twitter.
In Amsterdam, the Dutch parcel delivery company TNT, which operates in 200 countries around the world, said its systems had been affected.
“We are assessing the situation and are implementing remediation steps as quickly as possible,” the company, part of FedEx, said in a statement to Agence France-Presse.
Sean Sullivan, a researcher at the Finnish cybersecurity group F-Secure, said the attack “seems to be done by professional criminals,” with money as the motivation.
Unlike the recent WannaCry attack, the new attack had sophisticated elements that could make it easier to rapidly infect many more systems, he said.
Experts also said this latest attack could heighten fears that companies may be more vulnerable to cyberattacks than suspected, potentially putting personal data at risk.
“This will undeniably affect trust in these organisations and raise questions of competency,” said Louis Rynsard, a director at the corporate communications agency SBC London.
“The long-lasting impact of a cyberattack cannot be overstated,” he said.
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week. AFP