On Tuesday hackers launched blistering ransomware attacks against companies and agencies the world over, with a strong target on businesses registered in Ukraine.
British advertising agency WPP, Russian oil and gas giant Rosneft and the Danish shipping company Maersk have all confirmed been targeted.
WPP shared on Twitter:
IT systems in several WPP companies have been affected by a suspected cyber attack. We are taking appropriate measures & will update asap.
— WPP (@WPP) June 27, 2017
Maersk followed with a statement saying:
“(our tech systems) are down across multiple sites and business units due to a cyber attack."
The America- based pharmaceutical company Merck also confirmed being a victim of this latest attack on their Twitter account:
We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)
— Merck (@Merck) June 27, 2017
Mondelez, Oreos’, Cadbury and other American snack brands popular the world over, reported a computer outage across its global operations under a cloud of confusion. The law firm DLA Piper said it had suspended its systems in response to "a serious global cyber incident."
2017 seems to be seeing an unprecedented amount of targeted cyber attacks as the world edges closer to the coveted Internet of Things. Just last month in May, the planet was in the grips of a potentially disastrous malware attack in WannaCry that left a lot of people’s wallets empty. This attack, however, couldn’t be any more different. Both attacks require a payment in Bitcoin to retrieve personal information, and both use a similar flaw to spread through networks. Cybersecurity firm Group-IB estimated yesterday that the virus affected just under 80 Russian and Ukrainian companies.
This malware works by locking an infected computer, demanding a US$300 ransom in Bitcoins from the user in order to give them access once again.
There are multiple reports of the similarity of this particular ransomware to a variant of Petya, a notorious ransomware among the cyber security fraternity. Kaspersky Lab, however, seems to have deduced from their preliminary findings that the attacks originate from a new ransomware it's now dubbed "ExPetr."
The attacks that were then identified by the public on Tuesday, also use a Windows flaw called EternalBlue to spread through corporate networks. A subsequent investigation into WannaCry showed that it was leaked as part of a trove of NSA-owned hacking apparatus. Microsoft swiftly issued patches for the exploits in March available for download by its million of users. According to the software giant, WannaCry was using multiple techniques to spread, including one that was addressed by the security patch released in March, but an investigation is still well underway.
It is continuing to investigate in a joint attempt with the United States Homeland Security and continental law enforcement agency, Europol.
"The DHS is coordinating with our international and domestic cyber partners. We stand ready to support any requests for assistance."
DHS Spokesman Scott McConnell
Thus far, the biggest victims of this attack have been Ukrainian companies and government agencies, including the postal service and Kiev metro system, with a strong focus on the financial firms’ customer service operations prompting a warning from the country’s central bank. According to security firm Cisco Talos and Ukrainian officials, the ransomware initially infected Medoc, a piece of Ukrainian accounting software which then sent an infected file to customers. It spread to other computers on companies' networks by leveraging software holes. Craig Williams of Cisco Talos has claimed that this ransomware was much more advanced than WannaCry.
Deputy Prime Minister, Pavlo Rozenko seems to have been a victim as well. He tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers had been affected as well.
Та-дам! Секретаріат КМУ по ходу теж "обвалили". Мережа лежить. pic.twitter.com/B74jMsT0qs
— Rozenko Pavlo (@RozenkoPavlo) June 27, 2017
Chernobyl nuclear power plant was also hit by the cyber attack releasing a statement that their website is down as a direct result of the the cyber attack plaguing the country. They’ve had to disconnect all Microsoft Windows systems temporarily and manually conduct radiation monitoring in the area of the industrial site.
While the best way to mitigate these attacks is to always update your operating system, and backup data, people’s reluctance to practice due diligence, combined with the overwhelming number of people that pay the ransom only encourages these thieves to continue.
What do you think? Are we fighting a war we are completely ill-equipped for? Share your thoughts in the comments section below. Thank you for visiting Base64!