Cyber attack hits oil giant and banks in Russia and Ukraine

Herbert Rhodes
June 28, 2017

"The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system", the company said. A WPP employee who asked not to be named said that workers were told to shut down their computers: "The building has come to a standstill".

Group IB, a Moscow-based cyber security company, said that hackers used a cryptolocker called "Petya", which blocks access to computers and displays a message demanding a $300 ransom payable in bitcoin. "Nobody can recover your files without our decryption service".

Among the companies that acknowledged they'd been hit were Merck, the huge US pharmaceutical; Rosneft, the Russian firm that is the world's largest publicly traded oil company; and A.P. Moller-Maersk, the Danish shipping and energy giant. It's unclear if all the attacks are related at this time. (Microsoft recently released a patch meant to address this flaw.) That exploit made its way into the wild after a group calling itself The Shadow Brokers dumped what it said was a suite of NSA hacking tools on the internet in April.

It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender.

Signs that this is a new strain led Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky to say the outbreak comes from a "new ransomware we haven't seen before". Microsoft issued a patch for the exploit in March.

The ferocity of the attack can be gauged from the fact that Ukraine President Volodymyr Groysman called the cyber attack unprecedented in the history of the country.

One security researcher, Dave Kennedy of TrustedSec, a Strongsville, Ohio, firm, tweeted that Petya "spreads SUPER fast", adding that he observed the ransomware hit 5,000 networks "in under 10 minutes".

The Chernobyl nuclear power plant is among the sites hit by a new malicious data-scrambling cyber attack which has hit government, businesses, banks and airports across Europe and the UK.

An advisor to Ukraine's interior minister said the virus got into computer systems via "phishing" emails written in Russian and Ukrainian created to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analyzing the attack.

"There may be delays in flights due to the situation", airport director Yevhen Dykhne said in a statement.

Even as more media outlets were reporting on the attack, it was believed to be spreading as far as India.

At press time, the attack has only been going on for a couple of hours, but has already caused significant damage.

Russian metals giant Evraz said its IT systems had been affected too, Russia's RIA news agency reported. One consumer lender, Home Credit, had to suspend client operations.
