Huge 'Petya' cyber attack spreading across the world in potential repeat of 'Wannacry' hack

Andrew Griffin
Tuesday 27 June 2017 16:07 BST

A huge cyber attack that initially hit Ukraine has spread across the world, causing major disruption.

The hack was already the biggest in Ukraine's history but it has now affected other countries – including the UK, Spain and India – and may be functioning like the massive "Wannacry" attack that crippled the NHS, according to cyber security experts.

The attack is hitting major infrastructure in the countries where it has spread and has also affected companies ranging from Danish shipping giant Maersk to the British advertising company WPP.

The British National Cyber Security Centre said that it was "aware of the global ransomware incident" and is "monitoring the situation closely".

Maersk said that it didn't yet know the cause of the outage but that it suspected it could extend across all of its global operations.

Some security experts have suggested the attack could be even bigger than the Wannacry attack, which spread across the world in May. That was most famous for locking down computers across hospitals and doctors' surgeries, but it also hit other major international companies.

At the time, cyber security professionals warned that a repeat attack could be launched that would be even bigger than that crippling hack.

Initial reports had suggested that this was a coordinated hack being launched at Ukraine and Russia at the same time. It's not clear how it began, or how it made its way to other countries.

Russia's top oil producer Rosneft said a large-scale cyber attack hit its servers on Tuesday and computer systems at some banks and the main airport in neighbouring Ukraine were also disrupted.

Britain's WPP, the world's biggest advertising agency, said it had been hit by a cyber attack, one of many major corporations to face major disruption.

A hospital in the US and pharmaceutical company Merck also fell victim, and Cadbury owner Mondelez International said it had experienced a "global IT outage" which it was working to resolve.

The State Agency of Ukraine on Exclusion Zone Management said Chernobyl's radiation monitoring system has been switched to manual and is operating normally.

The current ransomware is known as GoldenEye, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

Victims of the malware are asked to pay a 300-dollar ransom after their hard drive is encrypted, crashing their computer.

Mr Botezatu, who warned against paying any money, said on Tuesday night that the malware operators received 27 payments totalling almost 7,000 dollars in digital currency in around five hours.

A spokesman confirmed it had been affected without giving any further details. The company's website was not available.

Seventeen shipping container terminals run by APM Terminals have been hacked, including two in Rotterdam and 15 in other parts of the world, Dutch broadcaster RTV Rijnmond reported.

APM Terminals is a subsidiary of shipping giant Maersk, which has confirmed it is suffering from a cyber attack.

APM's website was difficult to reach and phone calls to its headquarters in The Hague and offices in Rotterdam went unanswered.


A spokeswoman for the company in Copenhagen confirmed its systems were "impacted" as part of Maersk's IT infrastructure.

The RTV report said computers were infected by ransomware that encrypted their hard drives. The broadcaster published an image of the screen of an affected machine with a message demanding a $300 payment.

Following last month's WannaCry incident, some of the blame was directed at US intelligence agencies the CIA and the National Security Agency (NSA), who were accused of "stockpiling" software code which could be exploited by hackers.

Dr David Day, a senior lecturer in cyber security at Sheffield Hallam University, said he believed the latest attack was the "tip of the iceberg" and said he is frustrated at how it has been able to unfold.

He said: "Basically what they (the NSA) have done is they have created something which can be used as a weapon, and that weapon has been stolen and that weapon is now being used.

"And I think it underlines the whole need for debate over privacy versus security.

"The NSA will argue that the tool was developed with a need to ensure privacy, but actually what it's being used for is a weapon against security."

Additional reporting by agencies
