Petya Cyber Attack Hits EU & US

Victims of a major ransomware cyberattack that has spread through the US and Europe can no longer unlock their computers even if they pay the ransom.

The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Infected computers display a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email address has been shut down by the email provider. 
“We do not tolerate any misuse of our platform,” said the German email provider Posteo in a blog post.

This means that there is no longer any way for people who decide to pay the ransom to contact the attacker for a decryption key to unlock their computer.
“This is not an experienced ransomware operator,” said Ryan Kalember, senior vice-president of cybersecurity strategy at Proofpoint.

The attack was first reported in Ukraine, where the government, banks, state power utility and Kiev’s airport and metro system were all affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. 

The food giant Mondelez, legal firm DLA Piper, Danish shipping and transport giant AP Moller-Maersk and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh, also said their systems had been hit by the malware.
WPP said in a statement that the computer systems at several of its subsidiary companies had been affected, adding that it was “assessing the situation and taking appropriate measures”.

In an internal memo to staff, one WPP firm said it was the target of “a massive global malware attack, affecting all Windows servers, PCs and laptops”. It warned employees to turn off and disconnect all machines using Windows. Some technology experts said the attack appeared consistent with an “updated variant” of a virus known as Petya or Petrwrap, a ransomware that locks computer files and forces users to pay a designated sum to regain access. 

But analysts at cyber security firm Kaspersky Labs said they had traced the infections to “a new ransomware that has not been seen before”. The “NotPetya” attack had hit 2,000 users in Russia, Ukraine, Poland, France, Italy, the UK, Germany and the US, Kaspersky said.

Last month’s WannaCry or WannaCrypt ransomware attack affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone giant Telefónica and German state railways among those hardest hit.
Symantec cyber security experts said they had confirmed the ransomware in the current attack was using the same exploit – a program that takes advantage of a software vulnerability - as WannaCry. The exploit, called EternalBlue, was leaked by the Shadow Brokers hacker group in April and is thought to have been developed by the US National Security Agency.

To spread within companies that installed the patch to protect themselves against WannaCry, the Petya ransomware appears to have two other ways of spreading rapidly within an organisation, by targeting the network’s administrator tools. 
It’s not yet clear how computers became infected with the ransomware in the first place, but it doesn’t seem to be through email as happened with WannaCry, said Kalember.

Pictures circulating on social media recently on screens purportedly affected by the attack showed a message stating, “Your files are no longer accessible because they have been encrypted,” and demanding a $300 ransom in the Bitcoin digital currency.

The attack affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers, the company said, as well as seventeen container terminals.
“We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack,” the Copenhagen-based firm said on Twitter. “We continue to assess the situation.”

The disruptions in Ukraine follow a rash of hacking attempts on state websites in late 2016 and a succession of attacks on the national electricity grid that prompted security chiefs to call for improved cyber defences. The country’s prime minister, Volodymyr Groysman, said the attack was “unprecedented” but vital systems had not been affected. “Our IT experts are doing their job and protecting critical infrastructure,” he said. “The attack will be repelled and the perpetrators will be tracked down.”

In a bid to calm public fears about the attack, which temporarily shut down the country’s main airport and prevented travellers from using the Kiev metro, the authorities tweeted a GIF of a dog nonchalantly drinking tea in a room on fire.
Deputy prime minister Pavlo Rozenko earlier tweeted a picture of a darkened computer screen and said the government’s IT system had been shut down. The state grid, Ukrenergo, said its system had been hit but power supplies were unaffected.
The central bank said an “unknown virus” was to blame for the latest attacks. “As a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations,” it said in a statement.

Ukraine has blamed Russia for previous cyber-attacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia has denied carrying out cyber-attacks on Ukraine.
Nicolas Duvinage, head of the French military’s digital crime unit, told Agence France-Presse the attack was “a bit like a flu epidemic in winter”, adding: “We will get many of these viral attack waves in coming months.” 

The growing fight against cyber-attacks has seen protection spending surge around the world, with the global cyber security market estimated to be worth some £94bn ($120bn) this year, more than 30 times its size just over a decade ago.

Guardan

You Might Also Read:

Petya: The Latest  Global Ransomware Incident:

WannaCry Prompts Microsoft Updates … And A Warning:

 

« Does Canada Need Its Own CIA Or MI6?
India Internet Shutdowns 'Violate Human Rights' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Endace

Endace

Endace is a leader in network visibility, network recording and packet capture solutions for security, network and application performance monitoring.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

NPCore

NPCore

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

UnderDefense

UnderDefense

UnderDefense provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Digital Catapult

Digital Catapult

Digital Catapult is the UK authority on advanced digital technology. We bring out the best in business by accelerating new possibilities with advanced digital technologies.

HashiCorp

HashiCorp

At HashiCorp, we believe infrastructure enables innovation, and we are helping organizations to operate that infrastructure in the cloud.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.