Massive cyber attack hits systems in Ukraine, Russia, Western Europe

Massive cyber attack hits systems in Ukraine, Russia, Western Europe
Ransomware message displayed on computer of Ukrainian Deputy Prime Minister Pavel Rozenko. / Photo by Pavel Rozenko/Twitter
By bne IntelliNews June 27, 2017

A massive cyber attack wrought havoc on energy, transport and government computer systems in Ukraine and Russia on June 27, and appeared to be spreading rapidly beyond these countries, with reports of disruptions also in Denmark, Romania, Spain and the UK.

A Moscow-based cyber security firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting victims in the two former Soviet neighbours. Analysts said the virus called Petrwrap or Petya bore similarities to the WannaCry ransomware that infected more than 230,000 computers in 150 countries in May.

Affected organisations included the Rosneft oil major and its recently acquired subsidiary Bashneft, metals major Evraz, as well as Russian divisions of Mars, Nivea, TESA, and a number of banks, altogether over 80 entities, according to the Russian business daily Vedomosti.

Russia’s largest oil producer, Kremlin-controlled Rosneft, said in a statement that it avoided “serious consequences” from the “powerful hacker attack” by switching to “a backup system for managing production processes”.

In Ukraine, networks of Borispol airport near Kyiv, as well as the government computer network, were said to be affected, with Ukrainian Deputy Prime Minister Pavlo Rozenko tweeting a picture of an error message on his screen.

The National Bank of Ukraine, a number of banks and companies, including the state power distributor, were also hit, disrupting some operations, Reuters reported. Ukrainian utility Kievenergo powered down all of its computers after the hack, while another power company, Ukrenergo, was also affected but “not seriously”, according to Interfax.

Anton Gerashchenko, a senior adviser at the Ukrainian interior ministry, wrote on Facebook that the disruption was “the biggest in Ukraine’s history”.

Although the virus also hit Russia and appears to be spreading indiscriminately across borders, Zoryan Shkiryak, another ministry advisor, was quick to blame Moscow. He told TV channel 112 Ukraina that “there was no doubt Russia is behind [the attacks] as this is what hybrid war looks like today,” Vedomosti reported.

In another of the affected countries, Danish transport and logistics company Maersk also said that “multiple sites and business units” had been shut down after the cyber attack.

According to cybersecurity experts surveyed by the newspaper, the virus is unlikely to be a version of the recent WannaCry ransomware, but a modification of the Petya virus that attacks hard drives and spreads through emailed links and then through internal networks.

It does not allow victims to use infected devices, since after completing the encryption process, the virus forces the computer to shut down and makes it unusable until $300 cryptocurrency ransom demands are paid.

An expert from Kaspersky Lab told gazeta.ru that the new virus could be spreading through human resources departments of companies, masked as letters from potential candidates with links to fake CVs.

News

Dismiss