Ransomware attack targets 2,000 gov't, private servers worldwide

By Ed Adamczyk and Doug G. Ware  |  June 27, 2017 at 3:37 PM
share with facebook
share with twitter

June 27 (UPI) -- Another ransomware cyberattack, similar to one launched a month ago, targeted thousands of government and private corporate servers on Tuesday, European authorities said.

Officials said the attack impacted government, bank, energy and infrastructure providers in Ukraine, Russia, Britain and elsewhere. Some U.S. companies, including food producer Mondelēz International and drug-maker Merck, were also affected.

"We confirm our company's computer network was compromised today as part of global hack," Merck tweeted.

Mondelēz said it experienced "a global IT outage."

Ukrainian energy companies Ukrenergo and Kyivenergo were among other companies hit. The National Bank said an "unknown virus" had spread through its computers, and Ukraine Deputy Prime Minister Pavlo Rozenko said his computer, like others in the Ukrainian government, became inaccessible.

Ukrainian Prime Minister Volodymyr Groysman called the ransomware campaign "unprecedented," but said "vital systems haven't been affected."

The ransomware authorities believe may have been used in Tuesday's attack is called Petya. Russian security software firm Kaspersky said about 2,000 computers were affected -- far fewer than the cyberattack last month that targeted 300,000. Kaspersky said a new ransomware variant may have been used Tuesday.

"We are aware of a developing ransomware attack & liaising w/ cyberunits in EU & key industry partners to establish full nature of this attack," European law enforcement agency Europol said in a tweet Tuesday.

Dutch shipping and energy company Maersk similarly reported a cyberattack Tuesday, as did Russia's Rosnoft bank. Maersk said its sites were down across "multiple sites and businesses due to a cyberattack;" Rosnoft said it faced a "powerful hacker attack."

Eugene Dykhne, director of Kiev's Boryspil Airport, said in a Facebook entry Tuesday that "the official site of the airport and the flight schedules are not working." Kiev Metro, the city's bus and train provider, said it could not accept bank card payments at its terminals.

Ransomware attacks involve malicious software that targets and blocks a user's computer data and effectively holds it hostage until money is paid for its release.

Some computers displayed an English-language message demanding a Bitcoin ransom of $300, Forbes reported Tuesday, an action similar to that of the "WannaCry" virus cyberattack last month. U.S. authorities believe that virus originated in North Korea.

"The criminals behind this attack are asking for $300 in Bitcoins to deliver the key that decrypts the ransomed data, payable to a unified Bitcoin account," Kaspersky said in a news update late Tuesday afternoon, noting that the culprits asked victims to send electronic payment via email. "At the time of writing, the Bitcoin wallet has accrued 24 transactions totaling 2.54 bitcoin or just under $6,000."

It is unclear if the attacks on computers Tuesday, spreading across Europe but centered on Ukraine, are a single organized effort by hackers, or if several distinct attacks took place.

The incidents occurred as a Ukrainian military intelligence official, Col. Maxim Shapoval, was killed by a car bomb as he drove through Kiev. Officials referred to it as a terrorist act, the BBC reported.

Related UPI Stories
Topics: North Korea
Trending Stories