Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

UK National Cyber Security Centre says it is 'aware of global ransomware incident'

Companies in UK, US, Germany, Ukraine, Russia and Norway among those affected so far

Lizzie Dearden
Tuesday 27 June 2017 16:58 BST
'Petya' cyber attack hits firms across the world

The UK’s National Cyber Security Centre says it is aware of a cyber attack spreading around the world amid fears of disruption to infrastructure including banking and transport.

“We’re aware of the global ransomware incident and are monitoring the situation closely,” a spokesperson told The Independent, advising members of the public and businesses to check its website for guidance on keeping their systems secure.

British advertising firm WPP said IT systems in several of its companies were affected by the attack, as Maersk employees were sent home from its offices in Berkshire.

The first reports came from Ukraine, where state infrastructure including government-owned banks, energy firms, transportation and ministers’ computers were hit by the ransomware.

Russian oil giant Rosneft, the world’s largest shipping company Maersk and firms in the US and Norway were among those affected.

Meanwhile, the hack caused authorities in the Chernobyl exclusion zone to switch to manual radiation monitoring at the site of the 1986 nuclear disaster.

Infected computers display a message demanding a payment of $300 (£235) in Bitcoin to re-gain access to encrypted files.

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after a wave of cyber attacks, in Kiev, Ukraine, June 27, 2017. (Reuters)

The Swiss government’s Reporting and Analysis Centre said the Petya virus was believed to be responsible and was spreading by “exploiting the SMB (Server Message Block) vulnerability”.

This view was echoed by Germany's Federal Office for Information Security. Businesses in the country were also affected, the agency said and urged firms to report any issues.

BSI President Arne Schoenbohm said a software patch available from Microsoft could have prevented infections in many cases, although Petya also used an administrative tool in internal networks that attacked even systems that have been patched.

Petya was previously blamed for disrupting systems in 2016 and works similarly to the WannaCry ransomware that infected more than 230,000 computers in 150 countries last month.

Maersk said its IT systems were down across “multiple sites and businesses due to a cyber attack” that could affect its global operations.

Employees at Maersk’s main UK office in Maidenhead said all staff had been locked out of their computers and sent home for the day.

The Danish business congolmerate is the largest container shipping company in the world and also operates in the oil and gas sectors.

Seventeen shipping container terminals run by Maersk subsidiary APM Terminals have also been hacked, including two in Rotterdam and 15 in other parts of the world, according to Dutch television.

American pharmaceutical giant Merck confirmed its network had been "compromised" by the attack and said it was launching an investigation.

Norway’s national security agency said the ransomware was affecting an unnamed “international company” in the country.

Rosneft, a Russian government-owned oil firm, said it was also targeted by a “massive hacker attack” on its servers, as was steel maker Evraz.

Ukraine’s national bank, state power company and largest airport were among the targets first reported targets on Tuesday.

The website of Boryspil International Airport during a cyber attack targeting Ukrainian infrastructure on 27 June 2017

Rozenko Pavlo, the deputy Prime Minister, said he and other members of the government were unable to access their computers.

Ukrainian state-run aircraft manufacturer Antonov was among the companies hit, along with state power distributor Ukrenergo, which said the attack did not affect power supplies.

The National Bank of Ukraine said an “unknown virus” was to blame, saying several unnamed Ukrainian banks were affected along with financial firms.

“As a result of cyber attacks, these banks have difficulties with customer service and banking operations,” a statement said.

“The National Bank bank is confident that the banking infrastructure's defence against cyber fraud is properly set up and attempted cyber attacks on banks' IT systems will be neutralised.”

Computers and departure boards for Boryspil International Airport in Kiev – the largest in Ukraine – were also down.

The Ukrposhta state postal service, television stations and transport were affected by the attack, which left Kiev metro passengers unable to pay using bank cards.

Many ATMs were disabled, displaying the message left by hackers, as were tills in supermarkets.

Ukraine's Prime Minister later described the attack as “unprecedented” but said “vital systems haven't been affected”.

Emails hit as Parliament targeted by cyber security attack

“Our IT experts are doing their job and protecting critical infrastructure, Volodymyr Groysman added.

"The attack will be repelled and the perpetrators will be tracked down."

Ukraine has blamed Russia for repeated cyber attacks targeting crucial infrastructure during the past three years, including one on its power grid that left part of western Ukraine temporarily without electricity in December 2015.

Russia has denied involvement and the orchestrators of Tuesday’s attack were not known, although onlookers estimated they could make billions of dollars from the hack.

The UK’s Houses of Parliament were targeted in a separate attack on Friday that compromised up to 90 accounts as part of efforts to access the accounts of MPs, peers and their staff by searching for weak passwords.

The growth of global cyber attacks, including those targeting the election campaigns of Hillary Clinton and Emmanuel Macron, have sparked warnings of a “permanent war” online.

Guillaume Poupard, director general of the National Cybersecurity Agency of France (ANSSI) said intensifying attacks were coming from unspecified states, as well as criminal and extremist groups.

“We must work collectively, not just with two or three Western countries, but on a global scale,” he added, saying attacks could aim at espionage, fraud, sabotage or destruction.

“We are getting closer, clearly, to a state of war - a state of war that could be more complicated, probably, than those we've known until now.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in