Cyberattack hits Ukraine, Europe, U.S.; hackers use suspected ransomware similar to “WannaCry” malware

PARIS — A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, “the whole network is down.”

The attack was reportedly affecting websites in Great Britain, Norway and India, as well, and at least one major U.S. company said it was affected. The New Jersey-based pharmaceutical company Merck confirmed that its computer network was compromised as part of what it called a “global hack,” and said it was investigating.

We confirm our company’s computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)

– Merck (@Merck)
June 27, 2017

Ukraine’s government said the cyberattack was the biggest ever to hit the country, and an adviser to the Minister of Internal Affairs was quick to suggest the attacks appeared to have originated from Russia.

However, Russia’s Rosneft energy company also reported falling victim to the hacking, saying it had narrowly avoided major damage.

“The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system,” the company said.

U.S. cybersecurity expert Chris Hadnagy, CEO of Social-Engineer Inc., told CBS News, “We’ve been following it very closely and it is … massive. It’s attacking a lot of industrial areas, airports, banks, power grids in the Ukraine and in Russia.”

The U.S. Department of Homeland Security issued a statement saying it is monitoring reports of attacks “affecting multiple global entities” and is “coordinating with our international and domestic cyber partners,” offering confidential analysis and technical support.

The number of companies and agencies reportedly affected by the ransomware campaign piled up fast, as the electronic rampage appeared to be rapidly snowballing into a real-world crisis.

Shipping company A.P. Moller-Maersk said every branch of its business was affected. “We are responding to limit impact on customers and to uphold operations,” the company said in a statement posted on Twitter.

“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based shipping group. “It has affected all branches of our business, at home and abroad.”

Dutch daily Algemeen Dagblad said container ship terminals in Rotterdam run by a unit of Maersk were also affected.

The Ukrainian Interior Ministry adviser said the cyberattacks were using a modified version of the “WannaCry” malware that was found to be at the heart of a massive, global attack by hackers earlier this year — one that cost companies billions of dollars.

Technology experts said in May that there was evidence North Korean hackers could have been behind that malware assault.

Ukrainian Deputy Prime Minister Pavlo Rozenko on Tuesday posted a picture of a darkened computer screen to Twitter, saying that the computer system at the government’s headquarters had been shut down.

There was very little information on Tuesday about who might be behind the latest disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

“A massive ransomware campaign is currently unfolding worldwide,” said Romanian cybersecurity company Bitdefender. It said the malicious program appeared to be nearly identical to GoldenEye, one of a family of rogue programs that has been circulating for months. It’s not clear whether or why the ransomware had suddenly become so much more potent.

In Switzerland, a government cybersecurity agency said the attacks appeared to employ ransomware known as “Petya.”

“There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability,” the Swiss Reporting and Analysis Center for Information Assurance (MELANI) told the Reuters news agency in an e-mail.

Reuters said the Petya virus was behind a widespread attack in 2016.

CNET reports the malware encrypts crucial computer files and holds them hostage, demanding $300 in bitcoin to regain access.


What can computer users do to protect themselves? ZDNet security editor Zack Whittaker said it’s important to keep software up to date by installing the latest security patches, but even that may not be enough.

“There’s some conflicting reports that even backed-up computers may be affected,” he said. “We’ll see what happens in the next few hours as we have more information.”

In addition to software updates, he advised, “You should carry out regular backups of your data to make sure it’s safe and secure, and make sure that backed-up data is never connected to the internet.”

Many systems are still recovering from the WannaCry outbreak this spring, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency (NSA) that were leaked to the web by a group calling itself the Shadow Brokers.

Max Everett, a cybersecurity expert and managing director at Fortalice Solutions, told CBSN on Monday that the world was simply not prepared for the more widespread attacks expected in the future.

