Cyber assault wreaks havoc on Ukraine and infects major global companies' IT systems

Latest malware strike hits eastern European country hard but also infects computers of global shipping giant Maersk, French manufacturing giant Saint-Gobain and other major companies worldwide.

Container shipping and oil and gas production are among the sectors that have been hit by the latest major international cyber strike, which has wrought particular havoc on critical infrastructure in Ukraine – a country that has regularly found itself in the cross-hairs of cyber criminals in recent years.

A form of powerful malware, believed to be related to a ransomware tool called Petrwrap, disrupted radiation checks at the Chernobyl power plant and infected the IT systems of the country’s national bank, it emerged last night.

Ukraine’s postal service, the country’s largest airport systems and the Kiev Metro system were also hit. The country’s Deputy Prime Minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government’s headquarters had been shut down. The eastern European country’s power network has also allegedly fallen victim yet again, following previous blackouts caused by cyber interference last year and in 2015.

The virus, which renders computers virtually inaccessible by encrypting their hard drives and then demands a ransom to be paid in untraceable bitcoin, is also known to have affected major companies internationally including the Spanish food group that owns Cadbury, French manufacturer Saint-Gobain, US pharmaceutical firm Merck and Danish shipping company Maersk.

Russia’s top oil producer Rosneft also said its servers had been hit by the cyber weapon but its oil production was unaffected. Andrew Clarke from IT security company One Identity said: “Once the system is locked, the user is faced with a demand for a bitcoin payment to receive the unlock key.”

The virus usually arrives via a spam email containing a web link or an attachment, he said. 

Bogdan Botezatu, a senior e-threat analyst at Bitdefender, which provides cyber-security packages for businesses, warned against paying any ransom money to attackers.

He said: “I would strongly advise against paying the ransom, because this keeps this vicious circle in which hackers get enough money to fuel even more complex malware and this is why ransomware has become so popular in just three years.

“It's a billion-dollar business and the more customers they have, the more advanced the future ransomware attacks will be.”

He said experts would work on trying to find a flaw in the ransomware in order to create a decryption tool, but added there was no guarantee that victims would get their information back.

Cyber security lawyer Robert Cattanach said the attack was ominous since it confirmed the sophistication of cyber criminals, who, it is believed, may be state sponsored.

Cattanach said: “The lack of reported monetary gain from the most recent similar attack – WannaCry – also raises the question of the true motive of the attackers. It also highlights the reality that no sector of industry or government is immune from attack, and underscores the lack of any ability to coordinate defences cross-border, raising again the question of the proper role of government in protecting its citizens and commerce.”

The National Cyber Security Centre, which is part of UK intelligence agency GCHQ, said there was a “global ransomware incident” ongoing.

A spokesman said: “We are aware of a global ransomware incident and are monitoring the situation closely.”

The NCSC website provides advice to the public and business on how to protect your digital systems.

UK defence secretary Michael Fallon yesterday said Britain would be prepared to send troops or authorise air strikes in retaliation for any future cyber attack that threatened the country.

Speaking at the Chatham House think tank, he also warned that Britain had the capability to carry out “offensive” cyber attacks of its own.
