A global wave of cyberattacks that began in Russia and Ukraine on Tuesday wrought havoc on government and corporate computer systems as it spread to Western Europe and across the Atlantic.
Several multinational companies said they were targeted, including US pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and the French industrial group Saint-Gobain.
The first reports of trouble came from Ukrainian banks, Kiev’s main airport and Rosneft, in a major incident reminiscent of the recent WannaCry virus.
Some IT experts identified the virus as “Petrwrap”, a modified version of the Petya ransomware which hit last year and demanded money from victims in exchange for the return of their data.
But global cybersecurity firm Kaspersky Lab said:
“Our preliminary findings suggest that it is not a variant of Petya ransomware as publically reported, but a new ransomware that has not been seen before,” which it named “NotPetya”.
The cyberattack also recalled a ransomware outbreak last month which hit more than 150 countries and a total of more than 200,000 victims with the WannaCry ransomware.
‘Spreading round the world’
The virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a researcher at the Moscow-based Kaspersky Lab said in a Twitter post.
In the United States, Merck was hit as was New York law firm of DLA Piper.
“We confirm our company’s computer network was compromised today as part of a global hack. Other organisations have also been affected,” Merck said on Twitter.
“It seems to be done by professionals criminals, and I think money is the motivation,” said Sean Sullivan, a researcher at the Finnish cybersecurity group F-Secure.
He said that unlike the recent WannaCry attack, this “Petrwrap” attack has sophisticated elements that could make it easier to rapidly infect many more systems.
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented” but insisted that “important systems were not affected.”
However, the radiation monitoring system at Ukraine’s Chernobyl nuclear site has been taken offline after it was targeted in the attack, forcing employees to use hand-held counters to measure levels, officials said Tuesday.
The technological systems were working “as usual” at the plant that exploded in 1986, however.
The attacks started around 2:00 pm Moscow time (1100GMT) and quickly spread to 80 companies in Ukraine and Russia, said cybersecurity company Group IB.
The companies affected were hit by a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, Group IB said.
The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov said.
Ukraine’s central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.
Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the bank said in a statement.
Rosneft said earlier that its servers suffered a “powerful” cyberattack but thanks to its backup system “the production and extraction of oil were not stopped.” The wave of cyberattacks also impacted Maersk, a global cargo shipping company; Saint-Gobain, a French company producing glass and other construction materials; and British-based WPP.
In Amsterdam, the Dutch parcel delivery company TNT, which operates in 200 countries around the world,said its systems had been affected. “We are assessing the situation and are implementing remediation steps as quickly as possible,” the company, part of FedEx, said in a statement to AFP.
Signs of sophistication
Experts also said this latest attack could heighten fears that companies may be more vulnerable to cyberattacks than suspected, potentially putting personal data at risk.
“This will undeniably affect trust in these organisations and raise questions of competency,” said Louis Rynsard, a director at the corporate communications agency SBC London.
“The long-lasting impact of a cyberattack cannot be overstated,” he said.
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago. But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week.