Massive cyberattack sweeping across Europe, US



A massive cyberattack that freezes computers and demands a ransom to open them has hit companies in the U.S. and around the world today, U.S. officials and private cybersecurity analysts say.

Among the American targets are the giant Merck pharmaceutical company in New Jersey, the Mondelez food company that produces Oreo cookies, and a major multinational law firm, DLA Piper.

The ransomware attack, known as ‘Petya,’ used a global spam campaign to trick users into downloading malicious software onto their computers that locked them out of the device until they paid $300 in Bitcoin.

Unlike the attack from the WannaCry virus in May, which seized control of hundreds of thousands of computers and spread disruption around the world, researchers tell ABC News that today’s ransomware has no known “kill switch” of the kind that was used to limit that attack.

The ‘Petya’ virus does also appear to be using the leaked hacking tools developed by the U.S. National Security Agency, most likely the so-called DoublePulsar exploit, to spread quickly throughout vulnerable corporate networks with outdated security software.

“Many researchers are seeing evidence that the NSA exploits are being used to propagate this,” John Bambenek of Fidelis Cybersecurity told ABC News. “But in this case it’s a whack-a-mole defense. There’s nothing that would shut it down.”

Early reports indicated the virus affected major companies in Russia and Ukraine as well as the world’s largest shipping firm, Maersk, according to the affected companies and government sources.

Ukraine appears to have been particularly hard hit, with the country’s government reporting that some of its systems, as well as those of key institutions including banks and telecom providers, had been affected.

The U.S. pharmaceutical company Merck confirmed on Twitter that its network had been infected.

“We confirm our company’s computer network was compromised today as part of global hack,” the company tweeted. “Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Mondelez International, a New Jersey-based food and drink company, released a statement saying its networks were down.

“The Mondelez International network is experiencing a global IT outage. Our global special situations management team is in place, and they are working to resolve the situation as quickly as possible. We will update as we have more information.”

A spokesperson for DLA Piper, a global law firm with offices in Washington, D.C., also confirmed that malware had spread to its system.

“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware. We are taking steps to remedy the issue as quickly as possible.”

Photos of the screens of computers and ATMs affected by the virus sent to ABC News and other media outlets showed the following message: “If you see this text, then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

The global shipping firm Maersk reported its IT systems had also been affected by the attack, with local media showing the same ransom message from the firm’s offices in Rotterdam, Reuters reported.

Russia’s state-owned energy giant, Rosneft, said it had also suffered a major attack, but in a statement on Twitter said it had succeeded in halting it. Workers at another major Russian oil company, Bashneft, told the Russian newspaper Vedomosti the firm had also been affected. An analyst at IB-Group told the Russian news site RNS that at least 80 companies had been affected in Russia and Ukraine.

In Ukraine, the virus struck the country’s government administration. The country’s vice prime minister, Pavlo Rozenko, wrote on Facebook that the cabinet’s office computers were all locked out. Ukraine’s central bank said a number of banks in the country had been hit, as well as a state energy company. Some ATMs in the country were blocked and also displayed the lock-out screen. Ordinary Ukrainians reported being unable to use some banking services. Local Ukrainian media reported that the country’s Borispol airport was also attacked, as well as Ukraine’s national rail company.

An advisor to Ukraine’s interior ministry, Anton Gerashchenko, called the cyber-attack the worst in the country’s history in a post on his Facebook page.

Researchers told ABC News that they do not believe that a nation state was behind the attack and suggested that it could have been launched by a lone cybercriminal.

“I think what’s happened here is someone is launching this tool to stock a Bitcoin wallet and is probably just surprised at how effective it is,” said Erik Rasmussen, a former deputy prosecuting attorney and special agent with the U.S. Secret Service who now works for the cybersecurity firm Kroll. “This attack doesn’t have a specific target, so it’s likely ransomware that’s gone awry and is just really good at doing damage.”

Bambenek suggested that the surprise success of the virus has made its creator a top target for law enforcement.

“This individual has just put himself on the top of everybody’s dinner menu,” Bambenek said.
