This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe

The article has changed 11 times. There is an RSS feed of changes available.

Version 2 Version 3
'Petya' ransomware attack strikes companies across Europe Ransomware attack strikes companies across Europe and US
(35 minutes later)
A major cyber-attack has struck large multinational companies across Europe, with Ukraine’s government, banks, state power utility and Kiev’s airport and metro system particularly badly affected. A major ransomware attack has struck Europe and the US for the second time in as many months, with serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.
The attack on Tuesday caused serious disruption at firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The attack was first reported in Ukraine, where its government, banks, state power utility and Kiev’s airport and metro system all particularly badly affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels at former nuclear plant’s exclusion zone.
The food giant Mondelez, legal firm DLA Piper and Danish shipping and transport giant AP Moller-Maersk also said their systems had been hit by the malware, the second large-scale cyber attack in as many months. The food giant Mondelez, legal firm DLA Piper and Danish shipping and transport giant AP Moller-Maersk also said their systems had been hit by the malware.
WPP said in a statement that the computer systems at several of its subsidiary companies had been affected, adding that it was “assessing the situation and taking appropriate measures”.WPP said in a statement that the computer systems at several of its subsidiary companies had been affected, adding that it was “assessing the situation and taking appropriate measures”.
In an internal memo to staff, one WPP firm said it was the target of “a massive global malware attack, affecting all Windows servers, PCs and laptops”. It warned employes to turn off and disconnect all machines using Windows.In an internal memo to staff, one WPP firm said it was the target of “a massive global malware attack, affecting all Windows servers, PCs and laptops”. It warned employes to turn off and disconnect all machines using Windows.
Technology experts said the attack appeared consistent with ransomware described as an “updated variant” of a malware virus known as Petya or Petrwrap. Some technology experts said the attack appeared consistent with an “updated variant” of a virus known as Petya or Petrwrap, a ransomware that locks computer files and forces users to pay a designated sum to regain access.
Many organisations worldwide affected right now by a new variant of the Petya ransom trojan. Spreading mechanism unknown at the time. But analysts at cyber security firm Kaspersky Labs said they had traced the infections to “a new ransomware that has not been seen before”. The “NotPetya” attack had hit 2,000 users in Russia, Ukraine, Poland, France, Italy, the UK, Germany and the US, Kaspersky said.
Analysts at cyber security firm Symantec said they had confirmed the ransomware was using the same exploit a program that takes advantage of a software vulnerability as last month’s WannaCry or WannaCrypt ransomware attack. Kaspersky Lab analysts say new attacks are not a variant of #Petya ransomware as publicly reported, but a new ransomware they call NotPetya! pic.twitter.com/zLwKNOR2VL
That attack affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone giant Telefónica and German state railways among those hardest hit. Last month’s WannaCry or WannaCrypt ransomware attack affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone giant Telefónica and German state railways among those hardest hit.
Symantec cyber security experts said they had confirmed the ransomware in the current attack was using the same exploit – a program that takes advantage of a software vulnerability - as WannaCry.
The exploit - called EternalBlue - was leaked by the Shadow Brokers hacker group in April and is thought to have been developed by the US National Security Agency.The exploit - called EternalBlue - was leaked by the Shadow Brokers hacker group in April and is thought to have been developed by the US National Security Agency.
Pictures circulating on social media of screens purportedly affected by the Petya attack showed a message stating, “Your files are no longer accessible because they have been encrypted,” and demanding a $300 ransom in the Bitcoin digital currency. Pictures circulating on social media on Tuesday of screens purportedly affected by the attack showed a message stating, “Your files are no longer accessible because they have been encrypted,” and demanding a $300 ransom in the Bitcoin digital currency.
New #ransomware spreading through SMB... Its #rebooting OS and encrypting files. Any idea which one it is? pic.twitter.com/DaEyqIKBvHNew #ransomware spreading through SMB... Its #rebooting OS and encrypting files. Any idea which one it is? pic.twitter.com/DaEyqIKBvH
The attack affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers, the company said, as well as seventeen container terminals.The attack affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers, the company said, as well as seventeen container terminals.
“We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack,” the Copenhagen-based firm said on Twitter. “We continue to assess the situation.”“We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack,” the Copenhagen-based firm said on Twitter. “We continue to assess the situation.”
The disruptions in Ukraine follow a rash of hacking attempts on state websites in late 2016 and a succession of attacks on the national electricity grid that prompted security chiefs to call for improved cyber defences.The disruptions in Ukraine follow a rash of hacking attempts on state websites in late 2016 and a succession of attacks on the national electricity grid that prompted security chiefs to call for improved cyber defences.
The country’s prime minister, Volodymyr Groysman, said the attack was “unprecedented” but vital systems had not been affected. “Our IT experts are doing their job and protecting critical infrastructure,” he said. “The attack will be repelled and the perpetrators will be tracked down.”The country’s prime minister, Volodymyr Groysman, said the attack was “unprecedented” but vital systems had not been affected. “Our IT experts are doing their job and protecting critical infrastructure,” he said. “The attack will be repelled and the perpetrators will be tracked down.”
Deputy prime minister Pavlo Rozenko tweeted a picture of a darkened computer screen and said the government’s IT system had been shut down. The state grid, Ukrenergo, said its system had been hit but power supplies were unaffected. In a bid to calm public fears about the attack, which temporarily shut down the country’s main airport and prevented travellers from using the Kiev metro, the authorities tweeted a GIF of a dog nonchalantly drinking tea in a room on fire.
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue 👌 pic.twitter.com/RsDnwZD5Oj
Deputy prime minister Pavlo Rozenko earlier tweeted a picture of a darkened computer screen and said the government’s IT system had been shut down. The state grid, Ukrenergo, said its system had been hit but power supplies were unaffected.
The central bank said an “unknown virus” was to blame for the latest attacks. “As a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations,” it said in a statement.The central bank said an “unknown virus” was to blame for the latest attacks. “As a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations,” it said in a statement.
Ukraine has blamed Russia for previous cyber-ttacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia has denied carrying out cyber-attacks on Ukraine.Ukraine has blamed Russia for previous cyber-ttacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia has denied carrying out cyber-attacks on Ukraine.
Nicolas Duvinage, head of the French military’s digital crime unit, told Agence France-Presse the attack was “a bit like a flu epidemic in winter”, adding: “We will get many of these viral attack waves in coming months.”Nicolas Duvinage, head of the French military’s digital crime unit, told Agence France-Presse the attack was “a bit like a flu epidemic in winter”, adding: “We will get many of these viral attack waves in coming months.”
The growing fight against cyber-attacks has seen protection spending surge around the world, with the global cyber security market estimated to be worth some £94bn ($120bn) this year – more than 30 times its size just over a decade ago.The growing fight against cyber-attacks has seen protection spending surge around the world, with the global cyber security market estimated to be worth some £94bn ($120bn) this year – more than 30 times its size just over a decade ago.