Spotlight: New Massive Cyber Attack Hits Global Targets, Likely to Grow Even More
Following the worldwide WannaCry ransomware attack in May, a new wave of massive cyber attacks has struck targets globally since Tuesday. Experts warn that the latest attack may grow even more and last longer.
MASSIVE ATTACK SPREADS WIDELY
Ukrainian authorities said Tuesday that a massive cyber attack has struck dozens of the country’s government agencies, banks and private companies.
The websites of the Ukrainian cabinet and several ministries, the country’s power distributor, the state railway operator, the largest airport, several banks, and a string of retail and fuel networks have been hit by the attack.
In addition, the radiation monitoring at the Chernobyl nuclear facility was reportedly affected by the attack.
Experts estimated that the attack, which has affected about 80 websites, was the largest in Ukraine’s modern history.
Ukrainian Prime Minister Volodymyr Groysman has said that the information systems of Ukraine’s critical infrastructure were not affected by the cyber attack.
“It was an unprecedented attack, but our IT-experts are doing their job and protecting critical infrastructure. Important systems have not been affected,” Groysman wrote on Facebook.
According to Moscow-based cyber security company Group-IB laboratory, more than 80 companies in Russia and Ukraine came under the massive cyberattacks on Tuesday, including Russia’s oil giant Rosneft.
The cyberattack targeted a number of oil, telecommunications and financial companies in Russia and Ukraine, blocking computers and demanding USD 300 in Bitcoins, Group-IB told Russia’s Prime news agency.
According to media reports, other big companies in Europe affected by the attack include Danish shipping conglomerate Maersk, British advertising agency WPP, Dutch shipping company TNT Express, and French construction and high-performance materials company Saint Gobain.
The cyber attack that had caused chaos in Europe also halted operations at the US Port of Los Angeles’ largest terminal on Tuesday.
APM Terminals, operated by the shipping giant A.P. Moller-Maersk, which handles about 16 percent of the world’s shipping fleet, was shut down for hours on Tuesday as the company’s IT systems were disturbed, according to the Los Angeles Daily News.
Just weeks ago the world was gripped by a mysterious computer virus known as WannaCry, which infected 300,000 computers in 150 countries and wreaked havoc on some of the world’s largest companies.
ATTACK LIKELY TO GROW EVEN MORE
Kaspersky Lab said Wednesday that the new ransomware attack that started Tuesday “is likely to grow even more.”
In an updated blog posting, the multinational cybersecurity and anti-virus services provider said its experts concluded that the new malware is significantly different from all earlier known versions of Petya, a family of encrypting ransomware that was first discovered in 2016.
Petya targets Microsoft Windows-based systems. It infects the master boot record to execute a payload that encrypts the file table of the New Technology File System (NTFS), the format current Windows versions use for storing and retrieving files on a hard disk or other data storage devices, and then demands a payment in Bitcoin to regain access to the system.
Unofficially, the author of the posting noted, “we’ve named it ExPetr or NotPetya.”
“The attack appears to be complex, involving several attack vectors,” according to the posting. “We can confirm that a modified EternalBlue exploit is used for propagation, at least within corporate networks.”
EternalBlue, generally believed to have been developed by the US National Security Agency (NSA) to exploit a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol, was made available on the Internet by the Shadow Brokers hacker group on April 14.
Although it was patched by Microsoft on March 14, EternalBlue was used as part of the worldwide WannaCry ransomware attack on May 12.
As in the WannaCry case, the attacker behind the new ransomware tried to extort payment equivalent to 300 dollars in Bitcoin, a cryptocurrency, from its victims for what the attacker called a “decryption key.”
A Finnish expert on computer security has said that the latest cyber blackmail program may continue much longer than the WannaCry computer virus attack earlier this year.
“The spreading of Petya will come to a halt only when it has contaminated all those systems it has been able to enter,” Mikko Hypponen, research director of the Finnish computer security company F-Secure, told national broadcaster Yle on Tuesday.
The expert explained that the reason is that it has no central server that could be used to stop it.
In Australia, all companies are vulnerable if their computers aren’t patched, a cyber security expert warned on Wednesday, as the race begins to protect against the latest global ransomware attack.
So far in Australia, the Cadbury Chocolate factory and global law firm DLA Piper are the only businesses to have been reportedly affected, but this number is expected to rise, according to National Surveillance and Intelligence Managing Director Navid Sobbi.
“It exploits vulnerabilities in unpatched Windows operating systems,” Sobbi said.
The virus blocks all access to the users’ files and displays a ransom message that demands 300 dollars’ worth of the cryptocurrency Bitcoin be paid. But according to Sobbi, it appears that even if the users pay, the virus still won’t return the files.
Although similar to the WannaCry virus, Petwrap (NotPetya or GoldenEye) is actually just a new variant of the 2016 virus Petya, Sobbi said.
“It employs the same exploits as WannaCry, but so far there is no kill switch found in it and there have been no weaknesses, unlike WannaCry.”
So far, it remains unclear where the virus originated from or who is responsible. (Xinhua)