IEyeNews

iLocal News Archives

Global ransomware attack causes turmoil

From BBC

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

The virus, the source of which is not yet known, freezes the user’s computer until a ransom in untraceable Bitcoin is paid.

Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.

The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

The Russian anti-virus firm Kaspersky Lab said its analysis showed that there had been about 2,000 attacks – most in Ukraine, Russia and Poland.

The international police organisation Interpol has said it was “closely monitoring” the situation and liaising with its member countries.

Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward.

“The ransomware was called Petya and the updated version Petrwrap.

“However, now that’s not so clear.”

Kaspersky Lab reported that it believed the malware was a “new ransomware that has not been seen before” despite its resemblance to Petya.

As a result, the firm has dubbed it NotPetya. Kaspersky added that it had detected suspected attacks in Poland, Italy, Germany, France and the US in addition to the UK, Russia and Ukraine.

Andrei Barysevich, a spokesman for security firm Recorded Future, told the BBC such attacks would not stop because cyber-thieves found them too lucrative.

“A South Korean hosting firm just paid $1m to get their data back and that’s a huge incentive,” he said. “It’s the biggest incentive you could offer to a cyber-criminal.”

A bitcoin wallet associated with the outbreak has received several payments since the outbreak began. The wallet currently holds almost 3.3 bitcoins (£6,175; $7,920).

An email address associated with the blackmail attempt has been blocked by German independent email provider Posteo.

It means that the blackmailers have not been able to access the mailbox.

Problems have also affected:

  • the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services
  • Russia’s biggest oil producer, Rosneft
  • Danish shipping company Maersk, including its container shipping, oil, gas and drilling operations
  • a Pennsylvania hospital operator, Heritage Valley Health System, which reported its computer network was down, causing operations to be delayed – but it is not yet clear if it was subject to the same type of attack
  • Spanish food giant Mondelez – whose brands include Oreo and Toblerone – according to the country’s media
  • Netherlands-based shipping company TNT, which said some of its systems needed “remediation”
  • French construction materials company St Gobain
  • US pharmaceuticals-maker Merck and the local offices of the law firm DLA Piper – a sign in the firm’s Washington DC office said: “Please remove all laptops from docking stations and keep turned off – no exceptions.”

The attacks come two months after another global ransomware assault, known as Wannacry, which caused major problems for the UK’s National Health Service.

Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by Wannacry. Many firms did not patch those holes because Wannacry was tackled so quickly, he added.

Those being caught out were also industrial firms that often struggled to apply software patches quickly.

“These organisations typically have a challenge patching all of their machines because so many systems cannot have down time,” he said. “Airports also have this challenge.”

Copies of the virus have been submitted to online testing systems that check if security software, particularly anti-virus systems, were able to spot and stop it.

“Only two vendors were able to detect it so many systems are defenceless if they are unpatched and relying on anti-virus,” he said.

Ukraine seems to have been particularly badly hit this time round.

Reports suggest that the Kiev metro system has stopped accepting payment cards while several chains of petrol stations have suspended operations.

Ukraine’s deputy prime minister has tweeted a picture appearing to show government systems have been affected.

His caption reads: “Ta-daaa! Network is down at the Cabinet of Minister’s secretariat.”

For more on this story go to: http://www.bbc.com/news/technology-40416611

 

Related story

DLA Piper hit by ‘major cyber attack’ amid larger hack spreading to US

BY DEBRA CASSENS WEISS From aba journal

DLA Piper is dealing with a ransomware attack on Tuesday that is apparently affecting offices in the United States, Europe and the Middle East.

Legal Week
says the firm was “hit by a major cyber attack.” Lawyers who spoke with the publication said emails and phone systems were affected, and computers were shut down as a precaution.

DLA Piper’s woes came the same day a massive hack hit computer systems overseas, spreading from Russia to the United States, report the New York Times and the Associated Press.

Above the Law cites a report that the malware attack appeared to originated at a DLA office in Spain. The blog showed a screen shot said to be displayed on DLA Piper computer monitors that told users their files have been encrypted, and they will need to pay $300 worth of Bitcoin for a key to access them.

New Jersey-based pharmaceutical company Merck has acknowledged it was hit by the virus, known as Petya, The Hill and AP reported.

For more on this story go to: http://www.abajournal.com/news/article/dla_piper_is_hit_by_major_cyber_attack_amid_larger_hack_spreading_to_us/

 

DLA Piper statement on malware attack

Following reports of a malware attack, a DLA Piper spokesperson said: “The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware. We are taking steps to remedy the issue as quickly as possible.”

 

LEAVE A RESPONSE

Your email address will not be published. Required fields are marked *