E&T News: Cyber assault wreaks havoc on Ukraine and infects major global companies' IT systems

Latest malware strike hits eastern European countries hard but also infects computers of global shipping giant Maersk, French manufacturing giant Saint-Gobain and other major companies worldwide.

Jun 28, 2017

By Josh Loeb

Container shipping and oil and gas production are among the sectors that have been hit by the latest major international cyber strike, which has wrought particular havoc on critical infrastructure in Ukraine – a country that has regularly found itself in the cross-hairs of cyber criminals in recent years.

A form of powerful malware, believed to be related to a ransomware tool called Petrwrap, disrupted radiation checks at the Chernobyl power plant and infected the IT systems of the country’s national bank, it emerged last night.

Ukraine’s postal service, the country’s largest airport systems and the Kiev Metro system were also hit. The country’s Deputy Prime Minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government’s headquarters had been shut down. The eastern European country’s power network has also allegedly fallen victim yet again, following previous blackouts caused by cyber interference last year and in 2015.

The virus, which renders computers virtually inaccessible by encrypting their hard drives and then demands a ransom to be paid in untraceable bitcoin, is also known to have affected major companies internationally including the Spanish food group that owns Cadbury, French manufacturer Saint-Gobain, US pharmaceutical firm Merck and Danish shipping company Maersk.

Russia’s top oil producer Rosneft also said its servers had been hit by the cyber weapon but its oil production was unaffected. Andrew Clarke from IT security company One Identity said: “Once the system is locked, the user is faced with a demand for a bitcoin payment to receive the unlock key.”

The virus usually arrives via a spam email containing a web link or an attachment, he said. 

Bogdan Botezatu, a senior e-threat analyst at Bitdefender, which provides cyber-security packages for businesses, warned against paying any ransom money to attackers.

He said: “I would strongly advise against paying the ransom, because this keeps this vicious circle in which hackers get enough money to fuel even more complex malware and this is why ransomware has become so popular in just three years.

“It's a billion-dollar business and the more customers they have, the more advanced the future ransomware attacks will be.”

He said experts would work on trying to find a flaw in the ransomware in order to create a decryption tool, but added there was no guarantee that victims would get their information back.

Cyber security lawyer Robert Cattanach said the attack was “ominous” since it confirmed the sophistication of cyber criminals, who, it is believed, may be state sponsored.

Cattanach said: “The lack of reported monetary gain from the most recent similar attack – WannaCry – also raises the question of the true motive of the attackers. It also highlights the reality that no sector of industry or government is immune from attack, and underscores the lack of any ability to coordinate defences cross-border, raising again the question of the proper role of government in protecting its citizens and commerce.”

The National Cyber Security Centre, which is part of UK intelligence agency GCHQ, said there was a “global ransomware incident” ongoing.

A spokesman said: “We are aware of a global ransomware incident and are monitoring the situation closely.

“The NCSC website provides advice to the public and business on how to protect your digital systems.”

UK defence secretary Michael Fallon yesterday said Britain would be prepared to send troops or authorise air strikes in retaliation for any future cyber attack that threatened the country.

Speaking at the Chatham House think tank, he also warned that Britain had the capability to carry out “offensive” cyber attacks of its own.


Georgina Bloomfield

Digital Content Editor, The Institution of Engineering & Technology
