Highlights: India not hit, says cyber security chief after ransomware attacks major companies and servers across Europe
Several multinational companies on Tuesday said they were targeted in an international cyberattack which started in Russia and Ukraine before spreading to western Europe.
Updated: Jun 28, 2017 00:02 IST
A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.
Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, “the whole network is down.” Russia’s Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant AP Moller-Maersk.
“We are talking about a cyber attack,” said Anders Rosendahl, a spokesman for the Copenhagen-based group. “It has affected all branches of our business, at home and abroad.”
- Rosneft – Russia’s top oil producer
- AP Moller-Maersk – Danish shipping giant
- WPP – World’s biggest advertising company based in Britain
- Merck & Co. – American pharmaceutical company, one of the largest in the world
- Saint Gobain – French construction material company
- Deutsche Post – German postal and logistics company
- Metro – German wholesale store
- Evraz – Russian steel maker
- Ukrainian banks, power grid, international airport
- Russian banks
The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a real-world crisis.
Live updates below:
11:15pm: Operations at one of the terminals of the Jawaharlal Nehru Port in Mumbai, India’s largest container port, were impacted by the cyber attack. AP Moller-Maersk operates the terminal
10:50pm: Experts said the latest ransomware attacks unfolding worldwide, dubbed GoldenEye, were a variant of an existing ransomware family called Petya. However, Russian security software maker Kaspersky Lab says its preliminary findings indicate the virus is a new ransomware not seen before
10:30pm: Cyber security experts said the attack appears to have exploited the same type of hacking tool used in the WannaCry ransomware attack in May. The malware used a US intelligence agency’s tools to exploit a vulnerability in Microsoft Windows
10:01pm: A Ukrainian media company said it received a demand for $300 worth of Bitcoin crypto-currency to restore access to hijacked files
10pm: Germany’s cyber agency says German firms also affected
9:47pm: India’s cyber security agency chief, Sanjay Bahl, says there is no report of the ransomware hitting the country, Reuters reported
9:42pm: US Homeland Security says it is monitoring the global cyber attack and coordinating with international and domestic partners
9:35pm: Chernobyl’s radiation monitoring system affected by cyber attack, says spokeswoman
9:30pm: Global cyberattack now spreads to the US, Merck hit
9:20pm: Russia’s central bank says there have been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected
9:10pm: The attack came as computer servers across Europe and in India were hit by a major ransomware attack
8:48pm: French industrial group Saint-Gobain says it is a “target of a cyber attack”
8:45pm: Britain’s WPP, the world’s biggest advertising company, also reported being affected by the cyber attack. WPP owns agencies including JWT, Ogilvy & Mather, Young & Rubicam and Grey
8:42pm: Norway’s national security authority says an unnamed “international company” has also been affected by the ransomware attack.
“Only one international company has been affected in Norway... We have some extra resources to follow the situation closely ... We assume it is similar to the attack on Maersk,” a spokeswoman for the authority told Reuters
8:40pm: Swiss Reporting and Analysis Centre for Information Assurance, a government information technology agency, says ransomware Petya seems to have re-emerged to affect computer systems across Europe, causing issues primarily in Ukraine, Russia, England and India
8:35pm: Danish shipping giant AP Moller-Maersk also hit by cyber attack.
“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based group to Associated Press. “It has affected all branches of our business, at home and abroad.”
8:25pm: German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyber attack
8:20pm: Swiss government information agency says the virus could be a ransomware known as Petya
“There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability,” the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an e-mail to Reuters
8:15pm: Ukrainian Prime Minister Volodymyr Groysman calls attack “unprecedented”.
“...our IT experts are doing their work and protecting strategic infrastructure. Important systems have not been affected,” he said in a post on Facebook
8:10pm: Dutch broadcaster RTV says 17 shipping container terminals run by APM Terminals have been hacked, including two in Rotterdam and 15 in other parts of the world
8pm: Anton Gerashchenko, an adviser to Ukraine’s interior minister, says a version of the ‘WannaCry’ ransomware has caused outages on government websites. Indicates attack probably originated in Russia
7:50pm: In Russia, top oil producer Rosneft says a large-scale cyber attack has hit its servers. Russian metals giant Evraz says its IT systems had been affected too, Russia’s RIA news agency reports
7:40pm: A number of Ukrainian banks and companies, including the state power distributor, are hit by a cyber attack, the Ukrainian central bank says.
There’s very little information at present about who might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.
“A massive ransomware campaign is currently unfolding worldwide,” said Romanian cybersecurity company Bitdefender. The company said the malicious program appeared to be nearly identical to GoldenEye, one of a family of rogue programs that has been circulating for months. It’s not clear whether or why the ransomware has suddenly become so much more potent.
The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the US National Security Agency and recently leaked to the web.
A message sent to an email address listed on the ransom page in the current outbreak was not immediately returned.
First Published: Jun 27, 2017 20:31 IST