Many firms hit by global cyber-attacks

"Firms around the globe are reporting that they have been hit by a major cyber-attack.

British advertising agency WPP is among dozens of firms reporting problems.

Ukrainian firms, including the state power distributor and Kiev's main airport were among the first to report issues.

Some experts are suggesting that it could be a ransomware attack, similar to Wannacry which hit last month.

Others reporting problems include the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services.

Russian oil producer Rosneft and Danish shipping company Maersk also say they face disruption, including its offices in the UK and Ireland.

"We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack," the Copenhagen-headquartered firm said via Twitter.

"We continue to assess the situation. The safety of our employees, our operations and customers' business is our top priority."

Spanish media reports that the offices of large multinationals such as food giant Mondelez and legal firm DLA Piper have suffered attacks.

And French construction materials company St Gobain has said that it is also fallen victim.

Some are speculating that it is a similar ransomware assault to the massive global Wannacry virus, which hit in May"

Quote from BBC news site^^^^^^^^^^^^^^^^^^^^^^^


http://www.bbc.co.uk/news/technology-40416611

 

I thought you were kidding when you posted this in the wannacry thread. But I did a search and you were not kidding. This live webcast is saying it is Petra Ransomware. www.youtube.com/watch?v=087QOUSnFzg

 

A security expert says it seems to be using a similar attack to wannacry that has been morphed.

 

Sounds like it has hit the power grid too. Is this the results of the wannacry surveillance?
Did wannacry take out the airport last time? Seems like it did this time.

 

Bloomberg reporting 200,000 firms have been hit in 150 countries:

https://www.bloomberg.com/news/videos/2017-06-27/cyberattack-hits-more-than-200-000-companies-video

 

"...Kasperky Labs research Costin Raiu has identified as Petrwrap, a strain of the Petya ransomware identified by the firm in June..."

https://www.siliconrepublic.com/enterprise/wannacry-attack-ransomware-russia-europe

 

"Chornobyl NPP switches to manual radiation monitoring over cyber attack..."

http://en.interfax.com.ua/news/economic/432062.html

 

? "The new ransomware has been identified as GoldenEye by Bitdefender" ?

Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family. At the time of writing this there is no information about propagation vector but we presume it to be carried by a wormable component.

Unlike most ramsonware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims computers from being booted up in a live OS environment and retreiving stored information or samples.
Just like Petya, GoldenEye encrypts the the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid..."

https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/

 

Container Terminals in one of the biggest harbours (ports) in the world are infected: APM Terminals in Rotterdam (Netherlands), Maersk seems to be confirming.
Dutch site https://www.security.nl/posting/521411/Containerterminals Rotterdam getroffen door ransomware

 

"...Researchers found that the GoldenEye ransomware has the same code for EternalBlue, the NSA exploit used to spread WannaCry."

https://www.cnet.com/news/unprecedented-cyberattack-hits-businesses-across-europe/

 

Chornobyl nuclear power plant has switched to manual radiation monitoring of site b/c cyberattack, says Exclusion Zone agency press service.

 

I hope its something other than wannacry, wannacry has been cried to death on this site

 

How the seed was planted.

FWIW:

It is being reported that The MP, Ukrainian Ministry of Internal Affairs, Anton Gerashchenko has stated on his Facebook page [written in Ukranian -- translated in link] that the "malware" was contained in letters sent to Ukranian commercial enterprises and governement officials during June. The letters are said to have been written in Russian and Ukranian. It is reported that Gerashchenko further stated that the letters were masked as business letters and the inexperienced users opened them.

http://112.international/society/cy...was-prepared-at-least-during-month-18283.html

 

The Ukranian Government is displaytng a positive attitude: ["Zip-a-dee-doo-dah, zip-a-dee-ay....."]

From the English-language government-controlled @Ukraine twitter account:

https://twitter.com/Ukraine/status/879706437169147906/photo/1

 

Supermarket in Ukraine

http://i.imgur.com/lHYEekO.jpg

 

"'Petya' cyber attack spreads to US pharma giant Merck...

One of the largest pharmaceutical companies in the world has been hit by a global ransomwear [sic] attack, the company says.

'We confirm our company's computer network was compromised today as part of global hack,' US pharmaceutical company Merck &Co tweeted. 'Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.'.."

http://www.independent.co.uk/news/w...ower-wpp-ad-agency-wannacry-nhs-a7810906.html

"...Merck has global locations including in Ukraine,..."

http://hosted.ap.org/dynamic/storie...ME&TEMPLATE=DEFAULT&CTIME=2017-06-27-12-10-46

 

The demand is only $300!

 

Symantec and Bitdefender confirmthe Peyta variant is using the EternalBlue Exploit to spread.

https://www.v3.co.uk/v3-uk/news/301...ttack-using-nsa-eternalblue-exploit-to-spread

https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/

 

It's not about the money.

That is clear given the nature of the establishments targetted and the puny ransome.

Some say it's only a test. Hold on to your hats and your back-up generators.

"Ukraine is a test bed for global cyberattacks that will target major infrastructure..."

http://www.techrepublic.com/article...ttacks-that-will-target-major-infrastructure/

 

This twitter guy seems to know his stuff...

https://twitter.com/0x09AL?lang=en

 

The real worry is this stuff getting into nations defence systems.

 

Yes but it doesn't have to go that far -- social chaos and unrest would be enough -- think a "wired EMP-like attack."

 

"GoldenEye /Petya operators have ...received 13 payments in almost two hours. That is $3.5K USD worth in digital currency..."

https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/

 

Yes. He/that site is well known.

He's givng good advice on this one for sure.

 

"Cyberattack against major companies appears to be 'vandalism,' says ex-FBI agent..."

http://www.cnbc.com/2017/06/27/cyberattack-appears-to-be-vandalism-ex-fbi-agent.html