Updated 12:48 pm, Tuesday, June 27, 2017
Photo: Thomas Borberg, AP
NEW YORK (AP) — The Latest on a widespread cyberattack that is affecting companies and government systems (all times local):
The head of a top Ukranian cybersecurity firm says it’s too early to say if his country was singled out as the prime target but that its institutions, long a target of Russian hackers, may have been compromised through attrition.
Victor Zhora, CEO of Infosafe IT in Kiev, says he believes the ransomware, which attacks Microsoft operating systems from Windows XP to Windows 10, was previously seeded and time-activated.
“It seems the virus is spreading all over Europe and I’m afraid it can harm the whole world,” he said. Zhora’s firm did triage on a well-coordinated attack blamed on pro-Russian hackers that tried to thwart the country’s May 2014 election.
Zhora said the current ransomware, which propagates across networks, demands $300 in Bitcoin. He says it’s too early for official confirmation of the targets in Ukraine but local media are reporting ATMs and some gasoline distribution to filling stations have been affected.
Cyberattacks blamed on pro-Russia hackers have twice taken down sizeable portions of Ukraine’s power grid.
Security experts say Tuesday’s cyberattack shares something in common with last month’s WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.
Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization’s network. Other than that, the latest malware is different from WannaCry.
Organizations should be protected if they had installed a fix that Microsoft issued in March.
But Chris Wysopal, chief technology officer at the security firm Veracode, says that’s only the case if 100 percent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.
Wysopal says the attack seems to be hitting large industrial companies that “typically have a hard time patching all of their machines because so many systems simply cannot have down time.”
Organizations hit include the Russian oil company Rosneft and the Danish oil and shipping company AP Moller-Maersk.
A hospital and health care system based in western Pennsylvania says it is dealing with a widespread cyberattack.
A spokeswoman for Heritage Valley Health System says the attack Tuesday is affecting the organization’s entire health system and employees are working to ensure safe patient care continues.
Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia.
It wasn’t immediately clear if the cyberattack was related to the outbreak of malicious data-scrambling software that appears to be causing mass disruption across Europe Tuesday.
Also affected is New Jersey-based Merck, the second-largest drugmaker in the United States with extensive operations in the Philadelphia area.
Merck confirmed its computer network was “compromised” as part of the global attack.
(Previously datelined KIEV, Ukraine)
The second-largest drugmaker in the United States is confirming it’s been affected by a cyberattack.
In a message sent using its verified Twitter account, Merck confirmed Tuesday that its computer network was “compromised” as part of a global attack.
Officials said the Kenilworth, New Jersey-based company was investigating the incident but provided no further details.
Merck has global locations including in Ukraine, where a new and highly virulent outbreak of malicious data-scrambling software causing mass disruption across Europe appeared to be hitting especially hard.
Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, “the whole network is down.”
Dutch-based transport company TNT Express, which was taken over last year by FedEx, also said Tuesday that it is suffering computer disruptions. Spokesman Cyrille Gibot says that “like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network. We are assessing the situation and are implementing remediation steps as quickly as possible and we regret any inconvenience to our customers.” He declined further comment.
Ukraine’s prime minister says that a cyberattack affecting his country is “unprecedented,” but “vital systems haven’t been affected.”
A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard.
Prime Minister Volodymyr Groysman also said on Facebook that “our IT experts are doing their job and protecting critical infrastructure … The attack will be repelled and the perpetrators will be tracked down.”
Company and government officials reported serious intrusions at the Ukrainian power grid, banks and government offices, where one senior official posted a photo of a darkened computer screen and the words, “the whole network is down.” Russia’s Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk.
Hackers have caused widespread disruption across Europe, hitting Ukraine especially hard.
Company and government officials reported major disruption to the Ukrainian power grid, banks and government offices. Russia’s Rosneft energy company also reported falling victim to hacking, as did shipping company A.P. Moller-Maersk, which said every branch of its business was affected.
Ukrainian Deputy Prime Minister Pavlo Rozenko on Tuesday posted a picture of a darkened computer screen to Twitter, saying that the computer system at the government’s headquarters has been shut down.
There’s very little information about who might be behind the disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.