Jun 27, 2017

Massive ransomware attack hits Europe


A massive cyberattack appears to have hit Europe, touching a number of countries, companies and public domains.

  • WPP, one of the world's largest advertising agencies, confirmed on Twitter that its IT system has been affected by a possible cyberattack. Employees at Ogilvy and other WPP agencies were sent home.
  • AP reports that Ukraine's prime minister Volodymyr Groysman said the cyberattack is 'unprecedented' but that 'vital systems' haven't been affected, though Ukrainian banks and an electricity firm have been attacked. A Ukrainian official wrote on his official Facebook page that a Ukrainian airport's IT systems had also been compromised.
  • Russia's state-controlled oil company (and the world's largest publicly listed oil company by production), PAO Rosneft, said it was under a "massive hacker attack" but said its oil production hadn't been affected, per WSJ.
  • The WSJ also reports that an attack brought down computer systems across Denmark's shipping giant Maersk, which runs the world's largest container operator.
  • A large percentage of infected machines appear to be Windows 7 and 10 with a majority running 64-bit OS, according to David Kennerley at Webroot.

Daniel Smith, security researcher at Radware, tells Axios the attack is a global ransomware campaign, meaning the attackers are asking victims to forward money to be relieved. "This outbreak is leveraging the ransomware variant PETRWRAP/PETYA and spreading via the EternalBlue exploit, similar to how WannaCry spread," said Smith. "The ransom requested is $300 BTC upon infection. There is only one BTC address associated with this campaign."

What is "Petya"? A strain of attack first reported in March that reboots victims' computers, encrypts their hard drive's master file (instead of individual files) and renders their entire master hard drive inoperable. The Petya component includes many features that enable the malware to remain viable on infected systems, and the EternalBlue component enables it to proliferate through organizations that don't have the correct patches or antivirus software.

"This is a great example of two malware components coming together to generate more pernicious and resilient malware," said Phil Richards, chief information officer at Ivanti.

Timing: The attack comes just over a month after the massive WannaCry ransomware attack, conducted by a North Korean hacking group, that spread to 300,000 breaches across 150 countries. Last October, a DDoS (distributed denial of service) cyberattack shut down a huge portion of the internet. Many organizations spent countless hours trying to patch the vulnerability to the WannaCry attack and were not necessarily paying attention to other vulnerabilities in their devices, Kennerley said.

Who is responsible? Monzy Merza, head of cyber research for Splunk — a San Francisco software company that detects cyber-attacks and insider threats — speculates it might be Ukraine's neighboring countries or hackers nearby since geospatial proximity makes attacking easier. He also notes that the attackers were likely using Ukraine as a "testing ground" for future attacks.

Why it matters: Merza says people are becoming increasingly aware of these types of cyber attacks because they are starting to directly affect people outside of the cyber realm.

This story is being updated.
