Irish offices hit as new cyber attack brings global turmoil

An employee sits next to a hacked payment terminal at a branch of Ukraine’s state-owned bank Oschadbank. Picture: Reuters

Adrian Weckler

A new global cyber attack has struck a number of Irish offices as thousands of computers were infected worldwide.

Computers at advertising group WPP, which runs PR and marketing divisions in Dublin, were taken offline while IT systems at the Irish office of the worldwide shipping company Maersk have also been affected.

A large pharmaceutical company here is also understood to have been hit by the computer malware, which is manifesting in the form of ransomware.

A number of Irish computer users have reported demands for up to €300 in Bitcoin to unlock their infected PCs.

Across the world, the cyber attack has taken out servers and PCs, hitting Eastern Europe worst. Russia's biggest oil company has been affected, as well as operations at Ukrainian banks and power utilities.

The Chernobyl nuclear power plant has been forced to check radiation levels manually after its Windows-based sensors were shut down.

Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of Windows computers in May before a British researcher created a kill-switch.

"It's like WannaCry all over again," said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.

However, security experts here say the infection has not yet spread into public sector bodies such as hospitals or schools, as the previous WannaCry ransomware attack did.

"In Ireland, it seems mainly to have affected networks of global organisations," said Conor Flynn, managing director of Dublin-based Information Security Assurance Services.

"To my knowledge, it hasn't yet gotten into government departments or other public organisations."

Mr Flynn said companies that patched their systems during the WannaCry ransomware outbreak in April and May were in a strong position to fend off any attack from the new malware.

However, victims of the new attack were quick to post photos of their infected PC screens.

"If you see this text, then your files are no longer accessible, because they have been encrypted," read the text on one such infected screen from Ukrainian media firm Channel 24.

"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.

Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft and French construction materials firm Saint Gobain, as well as the world's biggest advertising agency, WPP, which has offices in Dublin.

Mr Flynn said the malware could be released through infected emails.

"Sometimes the email will claim to be a CV for a job ad," he said. "If opened, it can get a foothold on your machine and then tries to spread to other machines."

Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught. Experts said the latest ransomware attacks, dubbed GoldenEye, were a variant of an existing ransomware family called Petya.

It uses two layers of encryption which have frustrated efforts by researchers to break the code.
