28 Jun 2017

Cyber attack hits companies across Europe

6:20 am on 28 June 2017

A major ransomware attack has struck large companies across Europe including Russia's biggest oil company, Ukraine's international airport and global shipping firm Maersk.

Keyboard, computer, cyber attack

Companies across Europe are reporting that they have been struck by a major ransomware cyber attack Photo: 123rf

Firms in Ukraine, including the state power company and Kiev's main airport, were among the first to report issues.

The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

Cyber security firms are scrambling to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of NSA hacking tool exploited in the WannaCry attack in May. Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack.

"It appears to be a variant of a piece of ransomware that emerged last year," said computer scientist Prof Alan Woodward.

"It was updated earlier in 2017 by the criminals when certain aspects were defeated. The ransomware was called Petya and the updated version Petrwrap."

Andrei Barysevich, a spokesman for security firm Recorded Future, told the BBC that it had seen the malware for sale on many forums over the last 12 months.

Mr Barysevich said the attacks would not stop because cyber-thieves found them too lucrative.

"A South Korean hosting firm just paid $1 million to get their data back and that's a huge incentive," he said. "It's the biggest incentive you could offer to a cyber-criminal."

A bitcoin wallet associated with the outbreak has received several payments since the outbreak began. The wallet currently holds 1.5 bitcoins - equivalent to $US3500.

Firms report disruption

Others reporting problems include the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services.

Russian oil producer Rosneft and Danish shipping company Maersk also say they face disruption, including the latter's offices in the UK and Ireland.

Spanish media report that the offices of large multinationals such as food giant Mondelez and legal firm DLA Piper have suffered attacks.

Netherlands-based shipping company TNT said some of its systems needed "remediation".

And French construction materials company St Gobain has said that it had fallen victim.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

The attacks come two months after the WannaCry attack caused major problems for the UK's National Health Service.

Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by WannaCry. Many firms did not patch those holes because WannaCry was tackled so quickly, he added.

Those being caught out were also industrial firms that often struggled to apply software patches quickly.

"These organisations typically have a challenge patching all of their machines because so many systems cannot have downtime," he said. "Airports also have this challenge."

- BBC / Reuters

Get the RNZ app

for ad-free news and current affairs