Filed Under:Risk Management, Cybersecurity

Global cyberattack hits telecoms, retailers, Chernobyl nuclear plant

Users told to pay $300 in cryptocurrency to unlock computer systems

More than 80 companies in Russia and Ukraine — and the Chernobyl nuclear plant — were initially affected by the Petya virus that disabled computers Tuesday and told users to pay $300 in cryptocurrency to unlock them.  (Photo: Shutterstock)
More than 80 companies in Russia and Ukraine — and the Chernobyl nuclear plant — were initially affected by the Petya virus that disabled computers Tuesday and told users to pay $300 in cryptocurrency to unlock them. (Photo: Shutterstock)

(Bloomberg) -- A new cyberattack similar to WannaCry is spreading from Europe to the U.S., hitting port operators in New York and Rotterdam, disrupting government systems in Kiev, and disabling operations at companies including Rosneft PJSC and advertiser WPP Plc.

More than 80 companies in Russia and Ukraine — and the Chernobyl nuclear plant — were initially affected by the Petya virus that disabled computers Tuesday and told users to pay $300 in cryptocurrency to unlock them. Telecommunications operators and retailers were also affected and the virus is spreading in a similar way to the WannaCry attack in May, Moscow-based cybersecurity company Group-IB said.

Rob Wainwright, executive director at Europol, said the agency is "urgently responding" to reports of the new cyber attack. In a separate statement, Europol said it’s in talks with "member states and key industry partners to establish the full nature of this attack at this time."

Kremlin-controlled Rosneft, Russia’s largest crude producer, said in a statement that it avoided “serious consequences” from the “hacker attack” by switching to “a backup system for managing production processes.”

U.K. media company WPP’s website is down, and employees have been told to turn off their computers and not use WiFi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, has been shut down, another person said. “IT systems in several WPP companies have been affected,” the company said in emailed statement.

Global attack


The hack has quickly spread from Russia and the Ukraine, through Europe and into the U.S. A.P. Moller-Maersk, operator of the world’s largest container line, said its customers can’t use online booking tools and its internal systems are down. The attack is affecting multiple sites and units, which include a major port operator and an oil and gas producer, spokeswoman Concepcion Boo Arias said by phone.

APM Terminals, owned by Maersk, is experiencing system issues at multiple terminals, including the Port of New York and New Jersey, the largest port on the U.S. East Coast, and Rotterdam in The Netherlands, Europe’s largest harbor. APM Terminals at the Port of New York and New Jersey will be closed for the rest of the day “due to the extent of the system impact,” the Port said.

Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman declined to elaborate, and the French national railway system, the SNCF, was also affected, according to Le Parisien. Mondelez International Inc. said it was also experiencing a global IT outage and was looking into the cause. Merck & Co. Inc., based in Kenilworth, New Jersey, reported that its computer network was compromised due to the hack.

New virus called Petya


The strikes follow the global ransomware assault involving the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists demanded $300 in Bitcoin from victims. Ransomware attacks have been soaring and the number of such incidents increased by 50% in 2016, according to  Verizon Communications Inc. 

Related: Ransomware's good, bad and ugly impact on insurers

Analysts at Symantec Corp., have said the new virus, called Petya, uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s Windows operating system.

The new virus has a fake Microsoft digital signature appended to it and the attack is spreading to many countries, Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.

The attack has hit Ukraine particularly hard. The intrusion is “the biggest in Ukraine’s history,” Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook. The goal was “the destabilization of the economic situation and in the civic consciousness of Ukraine,” though it was “disguised as an extortion attempt,” he said.

Kyivenergo, a Ukrainian utility, switched off all computers after the hack, while another power company, Ukrenergo, was also affected, though “not seriously,” the Interfax news service reported.

Ukrainian delivery network Nova Poshta halted service to clients after its network was infected, the company said on Facebook. Ukraine’s Central Bank warned on its website that several banks had been targeted by hackers.

Related: 11 tips for effective cyber security

Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Related

Ransomware attacks leave insurers and businesses exposed

The recent WannaCry incident confirms what they and many insurers have feared — that a large-scale attack could involve entities...

Featured Video

Most Recent Videos

Video Library ››

Top Story

20 safest airlines to fly with in 2018

To recognize those leading the way, AirlineRatings.com released its annual list of the world's safest airlines. Of the 409 airlines it monitors, 20 stand out as the 'best of the best.'

Top Story

11 ways cars will be smarter in 2018

Connected vehicle technology, better electric batteries, and 'infotainment' systems are just three of the trends for insurers and claims specialists to watch.

More Resources

Comments

eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.