Several multinational companies said Tuesday they were targeted in a massive wave of cyberattacks which started in Russia and Ukraine before spreading to western Europe.
Danish sea transport company Maersk, British advertising giant WPP and the French industrial group Saint-Gobain were among those who said they came under attack and put protection protocols in place to avoid data loss.
The first reports of trouble came from Ukrainian banks, Kiev’s main airport and Russia’s Rosneft oil giant, in a major incident reminiscent of the recent WannaCry virus.
IT experts identified the virus as “Petrwrap”, a modified version of the Petya ransomware which hit last year and demanded money from victims in exchange for the return of their data.
It also recalled a ransomware outbreak last month which hit more than 150 countries and a total of more than 200,000 victims with the WannaCry ransomware.
The virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a researcher at the Moscow-based computer security firm Kaspersky Lab said via Twitter.
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented” but insisted that “important systems were not affected.”
‘Powerful cyberattack’
Ukraine’s central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.
Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the bank said in a statement.
Among those hit was Oschadbank, one of Ukraine’s largest banks.
Russian state oil giant Rosneft said earlier that its servers suffered a “powerful” cyberattack but thanks to its backup system “the production and extraction of oil were not stopped.”
The attacks on Russian and Ukrainian companies involved a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, said cybersecurity company Group IB.
Beyond Ukraine and Russia, the wave of cyberattacks also impacted Maersk, a global cargo shipping company and Saint-Gobain, a French company producing construction materials and British-based WPP.
“To protect our data we have isolated our systems,” Saint-Gobain told AFP.
A Maersk representative told AFP that company systems are “down across all business units due to a virus.”
The attacks started around 2:00 pm Moscow time (1100GMT), the group said, and quickly spread to 80 companies in Ukraine and Russia.
The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution difficult, said Group IB spokesman Evgeny Gukov in an emailed comment.
Energy firms, airport
Attacks were also reported by the power company in Kiev, Kyivenergo. “We were forced to turn off all of our computers,” a company representative told Interfax Ukraine agency.
The attack also affected some Ukraine government computers and the website of Ukraine’s biggest airport Boryspil.
“The official airport website and the flight schedule are not working!” wrote airport director Pavlo Ryabykin on Facebook, though without confirming the website was hit by a virus.
The government press service said Petya hit “personal computers” of some individuals but not government servers.
Ukraine’s delivery service company Nova Poshta confirmed the virus that hit its computers was Petya.A.
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week.
Cyberattack: List of victims
A major cyberattack unfolded on Tuesday, striking banks, corporations and infrastructure in Ukraine and Russia before spreading to western Europe and then the United States.
Experts say the virus is a modified version of the so-called Petya ransomware, which hit last year and demanded money from victims in exchange for their data.
A similar virus called WannaCry infected more than 200,000 computers in more than 150 countries last month.
Following is a list of companies and organisations which say they have been a victim of the latest attack:
– Ukraine’s central bank, the National Bank of Ukraine
– Ukrainian bank Oschadbank
– Ukrainian delivery service company Nova Poshta
– Russian state oil giant Rosneft
– Kyivenergo, Kiev power company
– Radiation monitoring system at Chernobyl
– Website of Kiev’s Boryspil international airport
– Danish sea transport company Maersk
– British advertising giant WPP
– French industrial group Saint-Gobain
– US pharmaceutical giant Merck
Filed Under: Cybersecurity, Industry regulations + certifications