Ransomware attack hits property arm of France bank BNP Paribas

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP

A global cyberattack has hit the property arm of France’s biggest bank BNP Paribas, one of the largest financial institutions known to be affected by an extortion campaign that started in Russia and Ukraine before spreading.

The worldwide attack has disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.

Reverberations from the attack continued on Wednesday with shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide, telling Reuters it is unable to process new orders.

By Wednesday, Moller-Maersk said in a statement it has “shut down a number of systems to help contain the issue,” while several entities including its oil, tankers and drilling activities “are not operationally affected.” 

Among other French companies, retailer Auchan said Tuesday’s cyberattack had hit terminal payments in its stores in Ukraine but the incident was now over.

French construction and building materials group St. Gobain, affected Tuesday by the attack, said its systems were gradually returning to normal.

A BNP spokesperson told Reuters that a person familiar with the matter had said that some of the staff computers of BNP’s real estate subsidiary were blocked on Tuesday.


Many of the companies targeted by the attack had links to Ukraine. (Valentyn Ogirenko/Reuters)

“The necessary measures have been taken to rapidly contain the attack,” he said.

BNP Paribas Real Estate provides advisory, property, and investment management and development services mostly in Europe.

It employed 3,472 staff at end of last year, with operations in 16 countries, and had the equivalent of about $35 billion Cdn in assets under management.

Links to Ukraine

Many companies affected globally by the cyberattack had links to Ukraine, although there is no indication this was the case for BNP, which owns a bank in the country, UkrSibbank.

The ransomware virus includes a code known as Eternal Blue, which cybersecurity experts widely believe was stolen from the U.S. National Security Agency. The virus can spread rapidly if one computer in the network is infected.

Ransomware attacks: the new normal?5:14

The virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

Earlier this year, following a similar attack, many banks in Europe said they had stepped up efforts to shield themselves.

Authorities including the European Central Bank have also checked their technology systems in recent years.

Some issues under ‘control’

By Wednesday morning, the Ukrainian cabinet said the outburst of malicious software has been contained and the situation now is under “full control.”

Among those hit were top-level government offices, energy companies, banks, cash machines, gas stations and supermarkets.

The cabinet added that “all strategic assets, including those involved in protecting state security, are working normally.”

Ukrainian railways said in a separate statement that the cyberattack caused some disruptions with money transactions, but its operations haven’t been affected.

Meanwhile, Russia’s Rosneft oil company said some of its gas stations were affected, but production operations haven’t been hurt.

The company said Wednesday it’s too early to assess the damage.

The Kremlin said the attack highlights the need for close international co-operation in fighting cybercrime.

Russian President Vladimir Putin’s spokesman, Dmitry Peskov, said the attack “again proves the Russian thesis that such a threat requires cooperation on the global level.”