Thursday 20 July 2017

Global cyber attack hits IT systems in Ireland and the UK

  • A raft of organisations including big business and government offices in eastern Europe have been hit by a worldwide cyber attack
  • Chernobyl monitoring system taken offline due to cyber attack
  • Hack may have spread to Ireland with the shipping giant, Maersk affected
  • Danish, British and Spanish multinationals have also been hit by the attack
This file photograph taken on August 30, 2010, shows containers from the Danish sea transport company Maersk stacked at the North port terminal in Bremerhaven, northern Germany. / AFP PHOTO / PATRIK STOLLARZPATRIK STOLLARZ/AFP/Getty Images
This file photograph taken on August 30, 2010, shows containers from the Danish sea transport company Maersk stacked at the North port terminal in Bremerhaven, northern Germany. / AFP PHOTO / PATRIK STOLLARZPATRIK STOLLARZ/AFP/Getty Images
The website homepage of British advertising giant WPP is pictured on a computer laptop screen in this arranged photograph taken in London on June 27, 2017. AFP PHOTO / Benjamin FATHERSBENJAMIN FATHERS/AFP/Getty Images
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko
An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko
The world's biggest advertising business said a number of its companies had been affected and it was currently "assessing the situation".

Ben Woods and Adrian Weckler

Shipping group Maersk said that its computer systems have failed across multiple regions, including Ireland and the UK.

"We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack," the Danish shipping group said via Twitter.

"We continue to assess the situation. The safety of our employees, our operations and customers' business is our top priority."

A spokesperson for the Copenhagen-headquartered firm confirmed to Independent.ie that the IT systems in its Irish office had been affected.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters has been shut down.

Russia's biggest oil company, Ukraine's international airport, WPP, the world’s biggest advertising firm, food company Mondelēz, and pharmaceutical giant Merck are also affected.

An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko
An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank after Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, in Kiev, Ukraine, June 27, 2017. REUTERS/Valentyn Ogirenko

There is very little information about who might be behind the Eastern European disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made.

The latest attack comes just weeks after ransomware downed systems across the globe, including the NHS in the UK.

More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.

The current ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made, is known as GoldenEye or Petya, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

Mr Botezatu said on Tuesday evening that malware operators received 13 payments totalling 3,500 US dollars in digital currency in almost two hours.

He said: "Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide.

The website homepage of British advertising giant WPP is pictured on a computer laptop screen in this arranged photograph taken in London on June 27, 2017. AFP PHOTO / Benjamin FATHERSBENJAMIN FATHERS/AFP/Getty Images
The website homepage of British advertising giant WPP is pictured on a computer laptop screen in this arranged photograph taken in London on June 27, 2017. AFP PHOTO / Benjamin FATHERSBENJAMIN FATHERS/AFP/Getty Images

"Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family."

In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl's radiation monitoring system has been switched to manual and is operating normally.

Experts have raised questions around the suspected exploit, named EternalBlue, which is thought to be being used to spread the ransomware from one computer to another.

The same exploit is said to have been used in the WannaCry attack.

Marco Cova, senior security researcher at anti-malware company Lastline said: "The Petya attack looks very similar in its dynamics and techniques to the WannaCry ransomware that caused large disruption just a few weeks ago.

"In particular, like WannaCry, it seems to rely on the EternalBlue exploit to automatically spread from one machine to another.

"It's still early in the infection lifecycle, but obviously, if it is confirmed that the EternalBlue is the only spreading mechanism, there will be inevitable questions about how organisations could still fall to this attack after all the publicity and support tools (patches, scanning tools, etc.) that were produced as part of the WannaCry response."

The attack has also spread to Spain, with several multi-nationals reporting issues, according to local media.

Global law firm DLA Piper, which has offices in London and other parts of the UK, confirmed it had been affected.

A spokeswoman said: "The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware.

"We are taking steps to remedy the issue as quickly as possible."

It is understood the company has taken its email system down as a preventative measure.

Press Association

Promoted articles

Also in Business