According to numerous media reports, a new wave of powerful cyberattacks is causing mass disruption across Europe Tuesday, with banks, airports, the state power company and government departments in Ukraine being hit especially hard.
Several newspapers are reporting that the cyberattack has hit major companies in countries around the world.
According to The Washington Post, in a story posted at 11 a.m. Eastern time, Ukraine has reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.
“The Russian oil giant Rosneft was also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an ‘international company’ there was affected,” Washington Post reporter Andrew Roth wrote in the story.
Roth further reports, “Ukraine first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, airport departure tables and demanding ransoms from government employees in the cryptocurrency bitcoin. By midafternoon, breaches had been reported at computers governing the municipal energy company and airport in Ukraine’s capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine.”
Also, Ukraine’s National Bank said in a statement that an “unknown virus” has caused banks “difficulties in serving clients and carrying out banking operations,” according to the Washington Post.
Reporting from UK-based newspaper The Telegraph describes a cyberattack that has crippled firms, airports, banks and government departments in Ukraine, with Danish and Spanish multi-national firms also paralyzed by the attack. That article states that the computer virus is “a form of ransomware known as Petya.”
“In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralyzed by the hack. In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning,” The Telegraph reports.
At press time, there have been no reports of cyberattacks or disruptions in the United States.
The cyberattacks is reminiscent of a widespread ransomware attack in May, called WannaCry, that affected 150 countries and crippled parts of the NHS in Britain.
Raj Samani, head of strategic intelligence at McAfee LLC, a computer security software company, issued the following statement regarding the Petya, or “PetrWrap” ransomware outbreak: “McAfee has received multiple reports of modified variants of the Petya ransomware variants. McAfee Labs is analyzing these samples and advising customers on how to address the threat in their environments. This outbreak does not appear to be as great as WannaCry but the number of impacted organizations is significant. It appears that its using the same propagation method as WannaCry, at least based on the data we have right now. Anybody running Operating Systems that have not been patched for the vulnerability WannaCry exploited could be vulnerable to this attack.”
An article in the British online newspaper The Independent provided more details about how the cyberattack is impacting the Ukrainian government. Reporter Lizzie Dearden writes, “Rozenko Pavlo, the deputy Prime Minister, said he and other members of the Ukrainian government were unable to access their computers.” And the article quotes Pavlo as writing, “We also have a network 'down'. This image is being displayed by all computers of the government.”
“The photo showed his PC displaying a message claiming a disk ‘contains errors and needs to be prepared’, urging the user not to turn it off,” Dearden wrote.
Images from other affected computers and disabled cash points showed what appeared to be ransomware, demanding a payment of $300 (£235) in Bitcoin to re-gain access to encrypted files,” according to The Independent article.
An article in The Independent, written by Aatif Sulleyman, quotes a cybersecurity experts who says the Petya cyberattack currently spreading around the world could be “bigger” than WannaCry. “This new Petya ransomware variant is like WannaCry without the kill switch, spreading automatically from computer to computer by itself and locking files,” Steve Malone, the director of security product management at Mimecast, told the Independent,” Sulleyman wrote. Further, Sulleyman goes on to quote Malone: “This new Petya variant is exactly the type of follow-up attack that everyone really feared; bigger and better.”
Sulleyman, writing for The Independent, wrote that, like WannaCry, it is believed that Petya is making use of the EternalBlue exploit that was stolen from the National Security Agency. “Microsoft has patched the issue, which took advantage of a vulnerability in Windows, but users who haven’t downloaded the fix can still be hit,” Sulleyman wrote.
An ABC News article posted online states, “There's very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.”
That story also reports that company and government officials are reporting serious intrusions at the Ukrainian power grid, banks and government offices, “where one senior official posted a photo of a darkened computer screen and the words, ‘the whole network is down.’ Ukraine's prime minister said the attack was unprecedented but that ‘vital systems haven't been affected’,” ABC News has reported.
Healthcare Informatics will continue to follow this story as it develops.