World in grip of widespread '˜ransomware' cyber attack

Widespread disruption has hit organisations across the world in the second major cyber attack to strike in as many months.
Organisations around the world have been hit by the second major cyber attack in as many months. Picture: Dominic Lipinski/PA WireOrganisations around the world have been hit by the second major cyber attack in as many months. Picture: Dominic Lipinski/PA Wire
Organisations around the world have been hit by the second major cyber attack in as many months. Picture: Dominic Lipinski/PA Wire

Big business including advertising giant WPP and law firm DLA Piper were affected, while government offices in eastern Europe were also hit.

A hospital in the US and pharmaceutical company Merck also fell victim, and Cadbury owner Mondelez International said it had experienced a “global IT outage” which it was working to resolve.

Hide Ad
Hide Ad

Government officials reported major disruption to the power grid, banks and government offices in Ukraine, where news of the attack first emerged on Tuesday.

The latest virus comes just weeks after ransomware – the name given to programmes that hold data hostage by scrambling it until a payment is made – downed systems across the globe, including the NHS in the UK.

More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.

The National Cyber Security Centre, part of intelligence agency GCHQ, said it was monitoring the current “global ransomware incident”.

WPP, the world’s biggest advertising business, confirmed it had been hit, while DLA Piper has taken its email system down as a preventative measure.

Russia’s Rosneft energy company also reported being hit, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government’s headquarters had been shut down.

Hide Ad
Hide Ad

In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl’s radiation monitoring system has been switched to manual and is operating normally.

An email address posted at the bottom of ransom demands was blocked by Berlin-based host Posteo, which said it had contacted German authorities after realising the account was associated with the malware.

The current ransomware is known as GoldenEye, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

Victims of the malware are asked to pay a $300 (£234) ransom after their hard drive is encrypted, crashing their computer.

Botezatu, who warned against paying any money, said that the malware operators received 27 payments totalling almost $7,000 in digital currency in around five hours.

He said: “I would strongly advise against paying the ransom, because this keeps this vicious circle in which hackers get enough money to fuel even more complex malware and this is why ransomware has become so popular in just three years.

“It’s a billion-dollar business and the more customers they have, the more advanced the future ransomware attacks will be.”

Hide Ad
Hide Ad

The ransomware is believed to be spreading from one computer to another using the exploit EternalBlue, which was also used in the WannaCry attack.

Botezatu said GoldenEye, a more advanced version of the malware Petya, may have a number of exploits, meaning even those who patched their systems against EternalBlue after the WannaCry attack may still be vulnerable to the latest hack.

He said experts will work on trying to find a flaw in the ransomware in order to create a decryption tool, but there is no guarantee victims will get their information back.

Following last month’s WannaCry incident some of the blame was directed at US intelligence agencies the CIA and the National Security Agency (NSA) who were accused of “stockpiling” software code which could be exploited by hackers.

Dr David Day, a senior lecturer in cyber security at Sheffield Hallam University, said he believed the latest attack is the “tip of the iceberg” and said he is frustrated at how it has been able to unfold.

He said: “Basically what they (the NSA) have done is they have created something which can be used as a weapon, and that weapon has been stolen and that weapon is now being used. And I think it underlines the whole need for debate over privacy versus security.

“The NSA will argue that the tool was developed with a need to ensure privacy, but actually what it’s being used for is a weapon against security.”