“The US Department of Homeland Security…advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.”
An ongoing massive cyber attack via a ransomware virus has disrupted businesses across Europe. Major European corporations said they had been targeted in the cyber attack which started in Ukraine and Russia before hitting other European countries. The attack started Tuesday and is spreading.
The list of companies targeted by this new attack is impressive. The Danish shipping giant Maersk, Russia’s Rosneft oil firm, British advertising agency WPP, and the French industrial group Saint-Gobain all said they came under attack. These companies actively combatted the intrusion by putting in protection protocols to avoid further data loss and limit the scope of the damage.
Ukraine was hit especially hard, with its power grid, banks, and government offices affected. The Boryspil Airport in the capital, Kiev, was also affected.
The following is a list of the major attacks so far:
ROSNEFT: Russia’s top oil producer was hit in the cyber attack, but the company stated that oil production was not affected.
A.P. MOLLER-MAERSK: The Danish shipping giant had outages at its computer systems across the world. Maersk’s port operator APM Terminals was also hit.
WPP: The world’s biggest advertising company said computer systems within several of its agencies had been hit and affected by the cyber attack.
MERCK & Co: The computer network was compromised at pharmaceutical company Merck & Companies.
RUSSIAN BANKS: Russia’s central bank was also the target of “computer attacks,” stating that their IT systems had been infected.
SAINT GOBAIN: A French construction materials company was targeted.
DEUTSCHE POST: The German postal and logistics company said systems of its Express division in the Ukraine were affected by the ongoing cyber attack.
METRO: A German retailer that has wholesale stores in the Ukraine was targeted.
EVRAZ: The Russian steelmaker said its information systems had been hit by a cyber attack, but its output was not affected.
NORWAY: A cyber attack affected an unnamed international company, but the country’s national security authority would not identify which company or companies were affected.
And in the US, Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh, was affected.
Artem Shevchenko, head of the communications department at the Ukrainian ministry of internal affairs, said, “Ukraine has never faced such a cyber attack before, and all state authorities are involved in the fighting of the virus. The cyber police has received more than 200 reports about interferences in computers with damaging software. Under attack are the state and corporate sector: post offices, banks, transport infrastructure, the main office of the railway station, and other facilities.”
A cyber attack was also reported by the Kyivenergopower company in the capital. “We were forced to turn off all of our computers,” a company representative told the Interfax-Ukraine agency.
Some radiation checks at the Chernobyl nuclear disaster site in Ukraine were being carried out manually as a result of the attacks, state media said.
The cyber attack comes in the shadow of a previous outbreak of ransomware, called WannaCry or WannaCrypt, which has spread rapidly since mid-May using digital break-in tools created by the US National Security Agency and recently leaked to the web.
The spread of the WannaCry ransomware, which locked up hundreds of thousands of computers in more than 150 countries, slowed in June, but security experts have warned that new versions of the worm may still strike.
Several technology and cyber security companies identified the ransomware as “Petya,” malware that makes computers inoperable by encrypting their hard drives and demanding ransoms in exchange for a digital key to restore access. “Petya” is a Bulgarian female name most notably associated with the Bulgarian security officer Petya Parvanova. Gavin Millard, a cyber security analyst, said, “It looks like a derivative of a quite well-known ransomware called Petya, but the code has been modified to act somewhat like WannaCry.”
Ironically, the WannaCry malware was part of a suite of cyber programs leaked from the CIA in the massive release by WikiLeaks. On March 7, 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7,” it was the largest ever publication of confidential documents on the agency.
The first full part of the series, “Year Zero,” comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia.
The latest attack and those that made up the WannaCry attack all point back to similarities in the documents and programs exposed in the WikiLeaks release.
The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.