Petya: The Latest  Global Ransomware Incident

Uploaded on 2017-06-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The UK’s National Cyber Security Centre  (NCSC) says it is aware of a cyber-attack spreading around the world amid fears of disruption to infrastructure including banking and transport.

“We’re aware of the global ransomware incident and are monitoring the situation closely,” said a spokesperson, advising members of the public and businesses to check its website for guidance on keeping their systems secure.

British advertising firm WPP said IT systems in several of its companies were affected by the attack, as Maersk employees were sent home from its offices in Berkshire.

The first reports came from Ukraine where state infrastructure including government-owned banks, energy firms, transportation and ministers’ computers were hit by the ransomware. Russian oil giant Rosneft, the world’s largest shipping company Maersk and firms in India and Norway were among those affected.

Infected computers display a message demanding a payment of $300 (£235) in Bitcoin to re-gain access to encrypted files.
The Swiss Government’s Reporting and Analysis Centre said the Petya virus was believed to be responsible and was spreading by “exploiting the SMB (Server Message Block) vulnerability”.

Petya was previously blamed for disrupting systems in 2016 and works similarly to the WannaCry ransomware that infected more than 230,000 computers in 150 countries last month.

Maersk said its IT systems were down across “multiple sites and businesses due to a cyber-attack” that could affect its global operations. Employees at Maersk’s main UK office in Maidenhead said all staff had been locked out of their computers and sent home for the day.The Danish business conglomerate is the largest container shipping company in the world and also operates in the oil and gas sectors. Seventeen shipping container terminals run by Maersk subsidiary APM Terminals have also been hacked, including two in Rotterdam and 15 in other parts of the world, according to Dutch television.

Norway’s national security agency said the ransomware was affecting an unnamed “international company” in the country.
Rosneft, a Russian government-owned oil firm, said it was also targeted by a “massive hacker attack” on its servers, as was steel maker Evraz.

Ukraine’s national bank, state power company and largest airport were among the targets first reported targets.
Rozenko Pavlo, the deputy Prime Minister, said he and other members of the government were unable to access their computers.

Ukrainian state-run aircraft manufacturer Antonov was among the companies hit, along with state power distributor Ukrenergo, which said the attack did not affect power supplies. The National Bank of Ukraine said an “unknown virus” was to blame, saying several unnamed Ukrainian banks were affected along with financial firms. 
“As a result of cyber-attacks, these banks have difficulties with customer service and banking operations,” a statement said.
“The National Bank is confident that the banking infrastructure's defence against cyber fraud is properly set up and attempted cyber-attacks on banks' IT systems will be neutralised.”

Computers and departure boards for Boryspil International Airport in Kiev, the largest in Ukraine, were also down.
The Ukrposhta state postal service, television stations and transport were affected by the attack, which left Kiev metro passengers unable to pay using bank cards. Many ATMs were disabled, displaying the message left by hackers, as were tills in supermarkets.

Ukraine's Prime Minister later described the attack as “unprecedented” but said “vital systems haven't been affected”.
 “Our IT experts are doing their job and protecting critical infrastructure, Volodymyr Groysman added.
"The attack will be repelled and the perpetrators will be tracked down."

Ukraine has blamed Russia for repeated cyber-attacks targeting crucial infrastructure during the past three years, including one on its power grid that left part of western Ukraine temporarily without electricity in December 2015.
Russia has denied involvement and the orchestrators of the attack were not known, although onlookers estimated they could make billions of dollars from the hack.

The UK’s Parliament was attacked on Friday 23rd June that compromised up to 90 accounts as part of efforts to access the accounts of MPs, peers and their staff by searching for weak passwords.

The growth of global cyber-attacks, including those targeting the election campaigns of Hillary Clinton and Emmanuel Macron, have sparked warnings of a permanent war on-line. 

Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI) said intensifying attacks were coming from unspecified states, as well as criminal and extremist groups.
“We must work collectively, not just with two or three Western countries, but on a global scale,” he added, saying attacks could aim at espionage, fraud, sabotage or destruction.
“We are getting closer, clearly, to a state of war that could be more complicated, probably, than those we've known until now.”

Independent

You Might Also Read:

Power Companies Cyber ‘Nightmare’:

WannaCry Prompts Microsoft Updates … And A Warning:

 

 

« Facebook Deploys AI To Block Terror Propaganda
EU Fines Google $2.7 Billion »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

Waterfall Security Solutions

Waterfall Security Solutions

Waterfall Security is focused on protecting critical infrastructure and industrial control systems from remote online cyber attacks,

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

Infostream

Infostream

Infostream is a leading integrator of Digital Transformations Solutions (DTS); Public, Private, and Hybrid Cloud; Cybersecurity; Data Integrity; DevOps, DevSecOps, and Infrastructures.

Emtec

Emtec

Emtec’s cyber security team provides advisory, assessment, & managed security services that help you build the cyber security policies, toolsets & best practices to elevate your cyber security posture

Acora

Acora

Acora provide a range of best-in-class managed services, Microsoft-centric business software, and cloud solutions designed to help mid-market organisations succeed in the digital economy.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.