Massive cyberattack hits Europe with widespread ransom demands

CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic

Moscow: A new wave of powerful cyberattacks hit Europe on Tuesday in a possible reprise of a widespread ransomware assault in May that affected 150 countries, as Ukraine reported ransom demands targeting the government and key infrastructure, and the Danish Maersk conglomerate said many of its systems were down.

The Russian oil giant Rosneft was also hit, as was the British advertising and marketing multinational WPP. Norway’s National Security Authority said an “international company” there was affected.

Ukraine was first to report Tuesday's widespread cyberattacks (file image). Ukraine was first to report Tuesday’s widespread cyberattacks (file image). Photo: Bloomberg

Ukraine first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, airport departure tables and demanding ransoms from government employees in the cryptocurrency bitcoin.

By midafternoon, breaches had been reported at computers governing the municipal energy company and airport in Ukraine’s capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine.

Shipping company AP Moller-Maersk said every branch of its business was affected by the hack. Shipping company AP Moller-Maersk said every branch of its business was affected by the hack. Photo: Ap

Ukrainian Deputy Prime Minister Pavlo Rozenko on Tuesday tweeted a picture of a computer screen warning in English that “one of your disks contains errors,” then adding in all capital letters: “DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL YOUR DATA!”

“Ta-Dam!” he wrote. “It seems the computers at the Cabinet of Ministers of Ukraine have been ‘knocked out.’ The network is down.” Other shots of computer screens attributed to government officials showed demands for a “ransom” of $300 in bitcoins to release data encrypted by the virus.

Ukraine’s National Bank said in a statement that an “unknown virus” has caused banks “difficulties in serving clients and carrying out banking operations.”

The hack’s scale and the use of ransomware quickly recalled the massive May cyberattack in which hackers likely linked to North Korea disabled computers in dozens of nations, including Ukraine, using a flaw that was once incorporated by the National Security Agency’s surveillance tool kit.

Whatever its source, the virus appeared to be spreading on Tuesday. Maersk, a Danish transport and energy conglomerate, announced that “Maersk IT systems are down across multiple sites and business units due to a cyber attack.”

Separately, the Russian oil giant Rosneft announced that its servers has been hit by a “powerful hacking attack,” which knocked the company’s website offline on Tuesday afternoon.

Apparently referring to a conflict over a regional oil producer with the Russian conglomerate Sistema, owned by oligarch Yevgeny Yevtushenkov, Rosneft’s statement added: “We hope that this has nothing to do with the current court proceedings.” There was no information immediately available tying the alleged attack to the Ukrainian hack.

Washington Post