Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
Many more European countries are under attack.
INDIA MIGHT GET UNDER THREAT.
Sources:
NY Times https://www.nytimes.com/reuters/2017/06/27/business/27reuters-ukraine-cyber-attacks-ukrenergo.html
The Washington Post https://www.washingtonpost.com/world/europe/ukraines-government-key-infrastructure-hit-in-massive-cyberattack/2017/06/27/7d22c7dc-5b40-11e7-9fc6-c7ef4bc58d13_story.html
Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.
 |
| A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank : Source The Telegraph (UK) |
Reuters summarizes:
- SWISS GOV'T AGENCY SAYS UKRAINE, RUSSIA, ENGLAND AND INDIA ARE MOST AFFECTED BY VIRUS, NO INDICATION THAT SWISS COMPANIES AFFECTED
- SWISS GOV'T AGENCY SAYS THERE ARE INDICATIONS THAT PETYA RANSOMWARE VIRUS IS CIRCULATING AGAIN
In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack. The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.
In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning. British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.
The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.
American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.
"The National Bank of Ukraine has warned banks... about an external hacker attack on the websites of some Ukrainian banks... which was carried out today," Ukraine's central bank said in a statement.
A spokesman for Ukraine's Presidential Administration said it was paying "a high level of attention" to the situation.
Maersk, a Danish transport, and logistics company with branches worldwide, announced that "multiple sites and business units" had been shut down after the cyber attack.
It came as Russian oil giant Rosneft said that its servers had suffered a "powerful" cyber attack, as the company is locked in a bitter court fight with the Russian conglomerate Sistema.
Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month.
What is Petya/Petrwrap?
By: Prof Alan Woodward, University of Surrey
Petya is a type of ransomware that appeared in early 2016 and returned to a trick first seen in the early 1990s, whereby criminals do not encrypt all the files on your computer but instead they attack a part of the operating system called the Master File Table (MFT).The MFT is essential for the system to know where to find files on the computer, so it has the same effect as if each file had been locked separately.The big difference is that it is very much faster to attack the MFT than to encrypt each file separately.In early 2017, a new form of Petya, dubbed Petrwrap, emerged which built on Petya but it corrected some of the weaknesses in the original code that allowed security companies to help people unlock their systems.Whilst Petrwarp is detectable by antivirus checkers, if it manages to gain a foothold before it is stopped its encryption is so strong that you are unlikely to be able to break through to recover your files.Now it appears that whilst the initial attack is probably still via something such as an infected spreadsheet arriving in an email, it can spread, at least in part, across a network using what appears to be the same weakness as was used in the Wannacry ransomware outbreak.
Details are collected from the Internet and proper credit is given to the respective authors.
(p.s. Utmost care is taken to keep the post error free. The data is collected from the Internet for compiling this article. )
** STAY PROTECTED, STAY SAFE. **