http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/
Live
Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank
James Rothwell James Titcomb Cara McGoogan
27 June 2017 • 6:49pm
Huge cyber attack cripples firms, airports, banks and government departments in Ukraine
Hack may have spread to Britain, with the advertising firm WPP affected
Danish and Spanish multinationals also paralysed by attack
Virus 'a form of ransomware' known as Petya
How does ransomware work?
Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe on Tuesday afternoon.
In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack.
Deputy Head of the Presidential Administration @dshymkiv instructed the team to help IT teams of other governmental institutions pic.twitter.com/iQw33ZJO7X
— The Bankova (@TheBankova) June 27, 2017
In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning.
The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.
It comes just a few weeks after the WannaCry hack which affected more than 150 countries and crippled parts of the NHS.
A programer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan
A programer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan
American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.
"The National Bank of Ukraine has warned banks... about an external hacker attack on the websites of some Ukrainian banks... which was carried out today," Ukraine's central bank said in a statement.
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
A spokesman for Ukraine's Presidential Administration said it was paying "a high level of attention" to the situation.
Maersk, a Danish transport and logistics company with branches worldwide, announced that "multiple sites and business units" had been shut down after the cyber attack.
Just called my father. He says he couldn't buy fuel at a petrol station, the system is shut down.
Everyone is disoriented.
— Kateryna_Kruk (@Kateryna_Kruk) June 27, 2017
It came as Russian oil giant Rosneft said that its servers had suffered a "powerful" cyberattack, as the company is locked in a bitter court fight with the Russian conglomerate Sistema.
"The Ukraine cabinet of ministers seems to also have been hacked. The network is down" says deputy PM. This is turning into 1 hell of a hack https://t.co/nnZrcDgOoq
— Alec Luhn (@ASLuhn) June 27, 2017
Timeline | High-profile hacks
Auto update
6:49PM
2,000 computers hit in a dozen countries
Security firm Kaspersky Lab said the attack has hit around 2,000 computers so far in around a dozen countries. The most affected organisations are located in Russia and the Ukraine, with systems in the UK, Germany, France, Italy, the US and Poland also hit.
The researchers confirmed that one of the ways the virus spread was using the Eternal Blue tool, but that there are likely other ways too.
The company added that the ransomware might not be a variation of Petya but a new strain of the virus.
"Kaspersky Lab's analsyts are investigating the new wave of ransomware attacks targeting organisations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publically reported, but a new ransomware that has not been seen before," the researchers said.
6:30PM
Michael Fallon warns UK could respond to cyber attacks with military force
The Defence Secretary has said the UK would be prepared to retaliate against future cyber attacks using military force such as missile strikes.
He warned cyber attacks against UK systems “could invite a response from any domain - air, land, sea or cyberspace".
Michael Fallon
Michael Fallon made the comments at a conference in London Credit: Jason Alden
5:18PM
Ukraine says Chernobyl systems working normally
The Ukrainian state news agency has said all technology systems at the nuclear plant are working normally. It reportedly switched its radiation monitoring system to manual after reports a cyber attack had hit organisations in the country including the National Bank of Ukraine.
4:56PM
More companies hit as attack spreads to Israel
DLA Piper, a global law firm with offices in the UK, and Merck, a Netherlands-based pharmaceutical company, have both confirmed that they have been hit by the Petya ransomware.
The confirmations come as reports are surfacing of the first instance of the attack in Israel. The most affected countries so far are Ukraine, Russia, Poland, Italy, Germany and Belarus, according to a researcher at Kaspersky.
Petya-like infecting number of victims in Israel. Hundreds of stations encrypted. pic.twitter.com/8lS8l4zSSW
— Ido Naor (@IdoNaor1) June 27, 2017
4:45PM
No 'kill switch' for Petya
Security experts are warning there is no kill switch for the Petya ransomware, dispelling hopes that a quick fix could stop the attack as it did with WannaCry.
Yes, this(https://t.co/LLpWkU2Ngr) is pretty much wanacry without the kill switch. A mayor reason things like this will start happening now: pic.twitter.com/SQZFpp2GOC
— Yonathan Klijnsma (@ydklijnsma) June 27, 2017
Now everyone is going to think every virus has a simple secret killswitch. It's going to be in a TV show in the next 6 months I promise you.
— SwiftOnSecurity (@SwiftOnSecurity) 20 May 2017
Petya inflicts more damage on machines than WannaCry as it targets the hard drive rather than individual files. "This attack doesn't just encrypt data for a ransom - but instead hijacks computers and prevents them from working altogether," said Ken Spinner, vice president of Varonis. "The implications of this type of cyberattack spread far and wide: and can affect everything from government to banks to transportation."
Experts said separately that people using Windows computers at home should be safe from the attack if they have installed all updates.
4:21PM
'Several cases' of Petya reported in Lithuania
Details of which firms are affected are yet to emerge, but there are reports coming from Lithuania that several companies have been infected by Petya.
4:13PM
UK's chief cyber security agency 'monitoring situation'
“We’re aware of the global ransomware incident and are monitoring the situation closely,” a spokesman said.
4:12PM
Shipping terminals across the world shut down
More detail has emerged about Danish shipping firm Maersk, which said earlier that its terminals in Rotterdam had been shut down.
Seventeen shipping container terminals run by APM Terminals have been hacked, including two in Rotterdam and 15 in other parts of the world, according to Dutch broadcaster RTV Rijnmond.
Maersk shipping containers
Maersk shipping containers
APM Terminals is a subsidiary of shipping giant Maersk , which has confirmed it is suffering from a cyber attack.
APM's website was difficult to reach and phones at its headquarters in The Hague and offices in Rotterdam went unanswered.
A spokeswoman for the company in Copenhagen confirmed its systems were "impacted" as part of Maersk's IT infrastructure.
4:00PM
Chernobyl nuclear plant affected by hack - local media
Pravda, a Ukrainian broadsheet newspaper, reports that computers at Chernobyl nuclear plant have been infected by the virus.
Staff were told to shut down their computers after several were infected by what appeared to be a virus, shift director Vladimir Ilchuk told Ukrainskaya Pravda.
There was no threat of a radiation leak as a result, he added.
3:57PM
Virus 'almost impossible to stop,' says expert
“With the severity of this attack and the degree to which the virus has already spread on an international scale across major business and infrastructure, it is now almost impossible to stop it from spreading further," said Robert Edwards, a barrister and cybercrime specialist at St John’s Buildings.
"The fallout of this is likely to be severe, and raises serious questions about the security of devices and the ease in which hackers are able to commit such attacks.
An employee sits next to a payment terminal out of order in Ukraine
An employee sits next to a payment terminal out of order in Ukraine
"We are seeing a worrying trend where variants of ransomware such as Petya are becoming more complex and are spreading faster, and, as we saw with the NHS attack, many businesses simply aren’t doing enough to secure their data. When the safeguards can be as simple as updating software, businesses and employees must do more to protect themselves from this new threat."
3:51PM
Ransomware is 2016-programme 'Petya'
Ransomware known as Petya seems to have re-emerged to affect computer systems across Europe, causing issues primarily in Ukraine, Russia, England and India, a Swiss government information technology agency has told Reuters.
"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an e-mail.
It said it had no information that Swiss companies had been impacted, but said it was following the situation. The Petya virus was blamed for disrupting systems in 2016.
Russia's top oil producer Rosneft said a large-scale cyber attack hit its servers on Tuesday, with computer systems at some banks and the main airport in neighbouring Ukraine also disrupted.
3:48PM
'A multi-pronged attack'
"This appears to be a multi-pronged attack that started with a phishing campaign targeting infrastructure in the Ukraine," said Allan Liska, a security analyst at Recorded Future.
"There is some speculation that, like WannaCry, this attack is being spread using the EternalBlue exploit which would explain why it is spreading so quickly (having reached targets in Spain and France in addition to the Ukraine).
The hack is spreading across Europe
The hack is spreading across Europe
"Our threat intelligence also indicated that we are now starting to see US victims of this attack.
"This attack not only could make the victim's machine inoperable, it could steal valuable information that an attacker can take advantage of during the confusion."
3:43PM
'We were told to turn off our computers'
An employee at WPP quoted by MailOnline said they were told to switch off their computers - at which point many workers decided to nip out for a drink.
"We were told to turn our computers off straight away and not to use the WiFi or servers," the unnamed employees said.
"Most people just left the building and went to the pub."
WPP employs around 250,000 workers worldwide.
3:27PM
Spanish firms affected
The attack may have spread to Spain, with several multi-nationals reporting issues, according to local media.
Ransomware attack has also hit offices of multinationals in Spain. Brace yourself folks, hope you've got backups https://t.co/f0p4YMflTK pic.twitter.com/mFNvcaLHFC
— Graham Cluley (@gcluley) June 27, 2017
3:23PM
Cyber security expert: Ransomware to blame
"We are looking into the ransomware activity that has reportedly disrupted organizations in Ukraine and elsewhere," said John Miller, a security expert at FireEye.
At this point, we are investigating whether the activity constitutes a significantly novel threat or an extension of known issues, as widespread ransomware campaigns are a regular occurrence at this time.
Victims are reporting that a variant of the Petya ransomware is responsible; Petya is a well-understood ransomware type that we have reported on since 2016.
3:11PM
Shipping container terminals in Rotterdam shut down
Maersk, a Danish shipping firm, has confirmed that 17 of its shipping container terminals have been crippled by the same cyber attack which hit Ukraine.
3:08PM
Russian oil giant hacked
Russian oil giant Rosneft has said that its servers had suffered a "powerful" cyberattack, as the company is locked in a bitter court fight with the Russian conglomerate Sistema.
"A powerful hacking attack has been carried out against the company's servers," Rosneft said on Twitter, adding that it "hopes" the incident was "not connected to current legal proceedings".
A tweet from an account belonging to Ukraine deputy prime minister, Rozenko Pavlo, appeared to show first-hand the effects of the hack.
3:06PM
WPP confirms hack
A spokesman for WPP has confirmed that the British advertising firm is also a victim of the hack.
Share this article
Live
Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank
James Rothwell James Titcomb Cara McGoogan
27 June 2017 • 6:49pm
Huge cyber attack cripples firms, airports, banks and government departments in Ukraine
Hack may have spread to Britain, with the advertising firm WPP affected
Danish and Spanish multinationals also paralysed by attack
Virus 'a form of ransomware' known as Petya
How does ransomware work?
Major firms, airports and government departments in Ukraine have been struck by a massive cyber attack which began to spread across Europe on Tuesday afternoon.
In Ukraine, government departments, the central bank, a state-run aircraft manufacturer, the airport in Kiev and the metro network have all been paralysed by the hack.
Deputy Head of the Presidential Administration @dshymkiv instructed the team to help IT teams of other governmental institutions pic.twitter.com/iQw33ZJO7X
— The Bankova (@TheBankova) June 27, 2017
In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning.
The virus is believed to be ransomware - a piece of malicious software that shuts down a computer system and then demands an extortionate sum of money to fix the problem.
It comes just a few weeks after the WannaCry hack which affected more than 150 countries and crippled parts of the NHS.
A programer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan
A programer shows a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan
American and British analysts believe that attack, which unfolded in May, was carried out by North Korea. It remains unclear who is responsible for Tuesday's attack.
"The National Bank of Ukraine has warned banks... about an external hacker attack on the websites of some Ukrainian banks... which was carried out today," Ukraine's central bank said in a statement.
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
A spokesman for Ukraine's Presidential Administration said it was paying "a high level of attention" to the situation.
Maersk, a Danish transport and logistics company with branches worldwide, announced that "multiple sites and business units" had been shut down after the cyber attack.
Just called my father. He says he couldn't buy fuel at a petrol station, the system is shut down.
Everyone is disoriented.
— Kateryna_Kruk (@Kateryna_Kruk) June 27, 2017
It came as Russian oil giant Rosneft said that its servers had suffered a "powerful" cyberattack, as the company is locked in a bitter court fight with the Russian conglomerate Sistema.
"The Ukraine cabinet of ministers seems to also have been hacked. The network is down" says deputy PM. This is turning into 1 hell of a hack https://t.co/nnZrcDgOoq
— Alec Luhn (@ASLuhn) June 27, 2017
Timeline | High-profile hacks
Auto update
6:49PM
2,000 computers hit in a dozen countries
Security firm Kaspersky Lab said the attack has hit around 2,000 computers so far in around a dozen countries. The most affected organisations are located in Russia and the Ukraine, with systems in the UK, Germany, France, Italy, the US and Poland also hit.
The researchers confirmed that one of the ways the virus spread was using the Eternal Blue tool, but that there are likely other ways too.
The company added that the ransomware might not be a variation of Petya but a new strain of the virus.
"Kaspersky Lab's analsyts are investigating the new wave of ransomware attacks targeting organisations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publically reported, but a new ransomware that has not been seen before," the researchers said.
6:30PM
Michael Fallon warns UK could respond to cyber attacks with military force
The Defence Secretary has said the UK would be prepared to retaliate against future cyber attacks using military force such as missile strikes.
He warned cyber attacks against UK systems “could invite a response from any domain - air, land, sea or cyberspace".
Michael Fallon
Michael Fallon made the comments at a conference in London Credit: Jason Alden
5:18PM
Ukraine says Chernobyl systems working normally
The Ukrainian state news agency has said all technology systems at the nuclear plant are working normally. It reportedly switched its radiation monitoring system to manual after reports a cyber attack had hit organisations in the country including the National Bank of Ukraine.
4:56PM
More companies hit as attack spreads to Israel
DLA Piper, a global law firm with offices in the UK, and Merck, a Netherlands-based pharmaceutical company, have both confirmed that they have been hit by the Petya ransomware.
The confirmations come as reports are surfacing of the first instance of the attack in Israel. The most affected countries so far are Ukraine, Russia, Poland, Italy, Germany and Belarus, according to a researcher at Kaspersky.
Petya-like infecting number of victims in Israel. Hundreds of stations encrypted. pic.twitter.com/8lS8l4zSSW
— Ido Naor (@IdoNaor1) June 27, 2017
4:45PM
No 'kill switch' for Petya
Security experts are warning there is no kill switch for the Petya ransomware, dispelling hopes that a quick fix could stop the attack as it did with WannaCry.
Yes, this(https://t.co/LLpWkU2Ngr) is pretty much wanacry without the kill switch. A mayor reason things like this will start happening now: pic.twitter.com/SQZFpp2GOC
— Yonathan Klijnsma (@ydklijnsma) June 27, 2017
Now everyone is going to think every virus has a simple secret killswitch. It's going to be in a TV show in the next 6 months I promise you.
— SwiftOnSecurity (@SwiftOnSecurity) 20 May 2017
Petya inflicts more damage on machines than WannaCry as it targets the hard drive rather than individual files. "This attack doesn't just encrypt data for a ransom - but instead hijacks computers and prevents them from working altogether," said Ken Spinner, vice president of Varonis. "The implications of this type of cyberattack spread far and wide: and can affect everything from government to banks to transportation."
Experts said separately that people using Windows computers at home should be safe from the attack if they have installed all updates.
4:21PM
'Several cases' of Petya reported in Lithuania
Details of which firms are affected are yet to emerge, but there are reports coming from Lithuania that several companies have been infected by Petya.
4:13PM
UK's chief cyber security agency 'monitoring situation'
“We’re aware of the global ransomware incident and are monitoring the situation closely,” a spokesman said.
4:12PM
Shipping terminals across the world shut down
More detail has emerged about Danish shipping firm Maersk, which said earlier that its terminals in Rotterdam had been shut down.
Seventeen shipping container terminals run by APM Terminals have been hacked, including two in Rotterdam and 15 in other parts of the world, according to Dutch broadcaster RTV Rijnmond.
Maersk shipping containers
Maersk shipping containers
APM Terminals is a subsidiary of shipping giant Maersk , which has confirmed it is suffering from a cyber attack.
APM's website was difficult to reach and phones at its headquarters in The Hague and offices in Rotterdam went unanswered.
A spokeswoman for the company in Copenhagen confirmed its systems were "impacted" as part of Maersk's IT infrastructure.
4:00PM
Chernobyl nuclear plant affected by hack - local media
Pravda, a Ukrainian broadsheet newspaper, reports that computers at Chernobyl nuclear plant have been infected by the virus.
Staff were told to shut down their computers after several were infected by what appeared to be a virus, shift director Vladimir Ilchuk told Ukrainskaya Pravda.
There was no threat of a radiation leak as a result, he added.
3:57PM
Virus 'almost impossible to stop,' says expert
“With the severity of this attack and the degree to which the virus has already spread on an international scale across major business and infrastructure, it is now almost impossible to stop it from spreading further," said Robert Edwards, a barrister and cybercrime specialist at St John’s Buildings.
"The fallout of this is likely to be severe, and raises serious questions about the security of devices and the ease in which hackers are able to commit such attacks.
An employee sits next to a payment terminal out of order in Ukraine
An employee sits next to a payment terminal out of order in Ukraine
"We are seeing a worrying trend where variants of ransomware such as Petya are becoming more complex and are spreading faster, and, as we saw with the NHS attack, many businesses simply aren’t doing enough to secure their data. When the safeguards can be as simple as updating software, businesses and employees must do more to protect themselves from this new threat."
3:51PM
Ransomware is 2016-programme 'Petya'
Ransomware known as Petya seems to have re-emerged to affect computer systems across Europe, causing issues primarily in Ukraine, Russia, England and India, a Swiss government information technology agency has told Reuters.
"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an e-mail.
It said it had no information that Swiss companies had been impacted, but said it was following the situation. The Petya virus was blamed for disrupting systems in 2016.
Russia's top oil producer Rosneft said a large-scale cyber attack hit its servers on Tuesday, with computer systems at some banks and the main airport in neighbouring Ukraine also disrupted.
3:48PM
'A multi-pronged attack'
"This appears to be a multi-pronged attack that started with a phishing campaign targeting infrastructure in the Ukraine," said Allan Liska, a security analyst at Recorded Future.
"There is some speculation that, like WannaCry, this attack is being spread using the EternalBlue exploit which would explain why it is spreading so quickly (having reached targets in Spain and France in addition to the Ukraine).
The hack is spreading across Europe
The hack is spreading across Europe
"Our threat intelligence also indicated that we are now starting to see US victims of this attack.
"This attack not only could make the victim's machine inoperable, it could steal valuable information that an attacker can take advantage of during the confusion."
3:43PM
'We were told to turn off our computers'
An employee at WPP quoted by MailOnline said they were told to switch off their computers - at which point many workers decided to nip out for a drink.
"We were told to turn our computers off straight away and not to use the WiFi or servers," the unnamed employees said.
"Most people just left the building and went to the pub."
WPP employs around 250,000 workers worldwide.
3:27PM
Spanish firms affected
The attack may have spread to Spain, with several multi-nationals reporting issues, according to local media.
Ransomware attack has also hit offices of multinationals in Spain. Brace yourself folks, hope you've got backups https://t.co/f0p4YMflTK pic.twitter.com/mFNvcaLHFC
— Graham Cluley (@gcluley) June 27, 2017
3:23PM
Cyber security expert: Ransomware to blame
"We are looking into the ransomware activity that has reportedly disrupted organizations in Ukraine and elsewhere," said John Miller, a security expert at FireEye.
At this point, we are investigating whether the activity constitutes a significantly novel threat or an extension of known issues, as widespread ransomware campaigns are a regular occurrence at this time.
Victims are reporting that a variant of the Petya ransomware is responsible; Petya is a well-understood ransomware type that we have reported on since 2016.
3:11PM
Shipping container terminals in Rotterdam shut down
Maersk, a Danish shipping firm, has confirmed that 17 of its shipping container terminals have been crippled by the same cyber attack which hit Ukraine.
3:08PM
Russian oil giant hacked
Russian oil giant Rosneft has said that its servers had suffered a "powerful" cyberattack, as the company is locked in a bitter court fight with the Russian conglomerate Sistema.
"A powerful hacking attack has been carried out against the company's servers," Rosneft said on Twitter, adding that it "hopes" the incident was "not connected to current legal proceedings".
A tweet from an account belonging to Ukraine deputy prime minister, Rozenko Pavlo, appeared to show first-hand the effects of the hack.
3:06PM
WPP confirms hack
A spokesman for WPP has confirmed that the British advertising firm is also a victim of the hack.
Share this article
