Canadian Manufacturing

Hackers launch cyber attack across Europe UPDATED: Pharma giant Merck the latest victim

by Raphael Satter, The Associated Press   



There are reports of serious intrusions at the power grid, banks and government offices in Ukraine. Russia's Rosneft oil company also reported hacking, as did Danish shipping giant A.P. Moller-Maersk.

This is a developing story. Check back here for updates.

UPDATED: 3:30 pm EST: Security experts say a June 27 cyberattack shares something in common with last month’s WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.

Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization’s network. Other than that, the latest malware is different from WannaCry.

Organizations should be protected if they had installed a fix that Microsoft issued in March.


But Chris Wysopal, chief technology officer at the security firm Veracode, says that’s only the case if 100 per cent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.

Wysopal says the attack seems to be hitting large industrial companies that “typically have a hard time patching all of their machines because so many systems simply cannot have down time.”

UPDATE: 3:00 pm EST: Analyst Bogdan Botezatu at cybersecurity company Bitdefender said that it appeared to be nearly identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months. Some analysts were calling the new form of ransomware Petya.

It’s not clear whether or why the ransomware has suddenly become so much more potent, but Botezatu said that it was likely spreading automatically across a network, without the need for human interaction. Such self-spreading programs, often called “worms,” are particularly feared because they can replicate rapidly, like a contagious disease.

“It’s like somebody sneezing into a train full of people,” Botezatu told The Associated Press. “You just have to exist there and you’re vulnerable.”

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

“Data breaches and cyber hacks are one of the biggest risks facing business worldwide,” said Michelle Crorie, a partner at law firm Clyde & Co. who specializes in cybersecurity issues. “The WannaCry attack and now Petya clearly demonstrate that hackers do not discriminate which type of business they are targeting.”

This particular variant of ransomware leaves a message with a contact email; several messages sent to the address were not immediately returned.
——
UPDATE: 2:10 pm EST: The second-largest drugmaker in the United States is confirming it’s been affected by a cyberattack.

In a message sent using its verified Twitter account, Merck confirmed June 27 that its computer network was “compromised” as part of a global attack.

Officials said the Kenilworth, N.J.-based company was investigating the incident but provided no further details.

Merck has global locations including in Ukraine, where a new and highly virulent outbreak of malicious data-scrambling software causing mass disruption across Europe appeared to be hitting especially hard.

Dutch-based transport company TNT Express, which was taken over last year by FedEx, also said June 27 that it is suffering computer disruptions. Spokesman Cyrille Gibot says that “like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network. We are assessing the situation and are implementing remediation steps as quickly as possible and we regret any inconvenience to our customers.” He declined further comment.

——
UPDATE: 11:15 am EST: The number of companies and agencies reportedly affected by the ransomware campaign is piling up fast, and the electronic rampage appeared to be rapidly snowballing into a real-world crisis. Dutch daily newspaper Algemeen Dagblad says that container ship terminals in Rotterdam run by a unit of Maersk were affected. Rosneft said that the company narrowly avoided major damage.

“The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system,” the company said.

There’s very little information about who might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

“A massive ransomware campaign is currently unfolding worldwide,” said Romanian cybersecurity company Bitdefender. The company said the malicious program appeared to be nearly identical to GoldenEye, one of a family of rogue programs that has been circulating for months. It’s not clear whether or why the ransomware has suddenly become so much more potent.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

A message sent to an email address listed on the ransom page in the current outbreak was not immediately returned.
——
Original story, posted 10:00 am EST:

PARIS—Hackers have caused widespread disruption across Europe, hitting Ukraine especially hard.

Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices. Russia’s Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk.

“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based group. “It has affected all branches of our business, at home and abroad.”

Rosendahl didn’t say what had caused the problems. Danish media say Maersk offices in Britain, Panama and Venezuela were affected.

Maersk said on Twitter: “the safety of our customers’ business and our people is our top priority.”

Ukrainian Deputy Prime Minister Pavlo Rozenko on June 27 posted a picture of a darkened computer screen to Twitter, saying that the computer system at the government’s headquarters has been shut down.

There’s very little information about who might be behind the disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

Jan M. Olsen in Copenhagen, Denmark, contributed to this report.
