New cyber attack spreads across Europe

Over 80 firms in Russia, Ukraine hit by Petya virus which wants users to pay $416 ransom

A ransom message popping up on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after institutions were hit by a wave of cyber attacks yesterday. The new virus, which is spreading to many countries, has a fake Microsoft digital signature appended to it, said the director of the global research and analysis team at Moscow-based Kaspersky Lab. PHOTO: REUTERS

Updated

Published

Jun 28, 2017, 05:00 AM

KIEV • A new cyber attack similar to WannaCry is spreading across Europe, hitting major companies from Rosneft PJSC in Moscow to A.P. Moller-Maersk in Copenhagen while disrupting government systems in Kiev.

More than 80 companies in Russia and Ukraine were affected by the Petya virus that disabled computers yesterday and told users to pay US$300 (S$416) in cryptocurrency to unlock them, according to the Moscow-based cyber security company Group-IB.

Telecommunications operators and retailers were also affected and the virus is spreading in a similar way to the WannaCry attack last month, it said.

The intrusion is "the biggest in Ukraine's history", Mr Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook.

The goal was "the destabilisation of the economic situation and in the civic consciousness of Ukraine", though it was "disguised as an extortion attempt", he said.

He added the attacks probably originated from Russia.

Kremlin-controlled Rosneft, Russia's largest crude oil producer, said in a statement that it avoided "serious consequences" from the "hacker attack" by switching to "a backup system for managing production processes".

Denmark's Maersk, operator of the world's largest container line, said its customers could not use online booking tools and its internal systems were down. The attack is affecting multiple sites and units, which include a major port operator and an oil and gas producer, spokesman Concepcion Boo Arias said over the phone.

Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokesman declined to elaborate. UK media company WPP has also been hit.

"IT systems in several WPP companies have been affected," the company said in e-mail statement.

The strikes follow the global ransomware assault involving the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries, as extortionists demanded US$300 in bitcoin from victims.

Ransomware attacks have been soaring and the number of such incidents increased by 50 per cent last year, according to Verizon Communications.

Kievenergo, a Ukrainian utility company, switched off all computers after the hack, while another power company, Ukrenergo, was also affected, though "not seriously", the Interfax news service reported. Ukrainian airports and railways are operating as usual, according to the Russian news service.

Ukrainian delivery network Nova Poshta halted service to clients after its network was infected, the company said on Facebook. Ukraine's Central Bank warned on its website that several banks had been targeted by hackers.

The new virus has a fake Microsoft digital signature appended to it and the attack is spreading to many countries, Mr Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.

BLOOMBERG, REUTERS