Global cyber attack hits IT systems in Ireland and the UK
- A raft of organisations including big business and government offices in eastern Europe have been hit by a worldwide cyber attack
- Chernobyl monitoring system taken offline due to cyber attack
- Hack may have spread to Ireland with the shipping giant, Maersk affected
- Danish, British and Spanish multinationals have also been hit by the attack
Shipping group Maersk said that its computer systems have failed across multiple regions, including Ireland and the UK.
"We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber-attack," the Danish shipping group said via Twitter.
We confirm some Maersk IT systems are down. The safety of our customers' business and our people is our top priority. Updates to follow.— Maersk Line (@MaerskLine) June 27, 2017
"We continue to assess the situation. The safety of our employees, our operations and customers' business is our top priority."
A spokesperson for the Copenhagen-headquartered firm confirmed to Independent.ie that the IT systems in its Irish office had been affected.
Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters has been shut down.
Russia's biggest oil company, Ukraine's international airport, WPP, the world’s biggest advertising firm, food company Mondelēz, and pharmaceutical giant Merck are also affected.
There is very little information about who might be behind the Eastern European disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made.
The latest attack comes just weeks after ransomware downed systems across the globe, including the NHS in the UK.
More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.
The current ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made, is known as GoldenEye or Petya, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.
Mr Botezatu said on Tuesday evening that malware operators received 13 payments totalling 3,500 US dollars in digital currency in almost two hours.
He said: "Bitdefender has identified a massive ransomware campaign that is currently unfolding worldwide.
"Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family."
In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl's radiation monitoring system has been switched to manual and is operating normally.
Experts have raised questions around the suspected exploit, named EternalBlue, which is thought to be being used to spread the ransomware from one computer to another.
The same exploit is said to have been used in the WannaCry attack.
Marco Cova, senior security researcher at anti-malware company Lastline said: "The Petya attack looks very similar in its dynamics and techniques to the WannaCry ransomware that caused large disruption just a few weeks ago.
"In particular, like WannaCry, it seems to rely on the EternalBlue exploit to automatically spread from one machine to another.
"It's still early in the infection lifecycle, but obviously, if it is confirmed that the EternalBlue is the only spreading mechanism, there will be inevitable questions about how organisations could still fall to this attack after all the publicity and support tools (patches, scanning tools, etc.) that were produced as part of the WannaCry response."
The attack has also spread to Spain, with several multi-nationals reporting issues, according to local media.
Global law firm DLA Piper, which has offices in London and other parts of the UK, confirmed it had been affected.
A spokeswoman said: "The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware.
"We are taking steps to remedy the issue as quickly as possible."
It is understood the company has taken its email system down as a preventative measure.