Advertising giant WPP’s shares are down after a major ransomware attack that’s spreading fast (WPP)

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP
Ukraine ransomwareValentyn Ogirenko

A massive cyberattack is spreading around the world right now, with companies telling employees to go home as their machines are hit by malicious software.

Some of the attacks look similar to the WannaCry outbreak, which spread to 99 countries and caused chaos.

Here are the companies and organisations impacted by the new outbreak so far:

  • Advertising giant WPP
  • Government departments in Ukraine
  • Dutch logistics firm Maersk
  • Kiev airport
  • Russian oil firm Rosneft
  • Mondelez, the confectionary firm which owns Cadbury, has also reported IT issues
  • The Madrid office of law firm DLA Piper
  • US pharmaceutical firm Merck
  • There’s an early report suggesting the Ukrainian nuclear plant Chernobyl has “switched to manual” radiation monitoring due to the attack

Ukraine first reported that a cyberattack was impacting banks, government departments, and other institutions.

The website for Boryspil International Airport in Kiev is not currently reporting arrivals or departures. Ukraine’s central bank said in a statement that it had warned banks and other financial institutions about “an external hacker attack”, and that some were experiencing “difficulty” in day-to-day operations. 

And the country’s deputy prime minister Pavlo Rozenko also said ministers had been affected by an attack.

Other companies around the world reported ransomware attacks

Employees of other companies, such as ad holding group WPP, around the world began posting pictures on Twitter of computer screens with the message that their files had been encrypted, and that they would need to hand over $300 (£234) in Bitcoin to decrypt them.

The message begins: “Oops! Your important files are encrypted.” 

It then goes on to tell the user that they can’t decrypt their files without sending Bitcoin to the hackers. The message gives a Bitcoin wallet address, and asks the user for their own wallet address and key.

WPP confirmed it was under attack in a tweet. Its share price began to fall as news of the attack emerged and was down 1.2% at the time of writing. 

The company wrote: “IT systems in several WPP companies have been affected by a suspected cyber attack. We are taking appropriate measures & will update asap.”

Maersk also confirmed it was under attack in a tweet. 

Russian oil firm Rosneft said it had been hit by a “powerful” cyber attack. 

And confectionary firm Mondelez reported that it had tech problems, though it’s unclear whether this is related to the attack.

Merck also confirmed it had been “compromised” in a “global hack.”

People have paid £2,000 to hackers so far

At least some of the attacks take the form of ransomware, malicious software which encrypts your files, then asks for payment in exchange for decrypting them.

An analyst for security firm Kaspersky identified the ransomware as Petrwrap, or Petya. Security firm Avira added that Petya makes use of an exploit that may have been developed by the NSA, called Eternal Blue, also used in WannaCry.

While most security researchers agree it’s a bad idea to pay hackers, some people obviously haven’t paid attention.

The Bitcoin address listed on the ransomware demand currently holds around 1.2 Bitcoins, or around £2,000 at the time of writing.