Widespread Cyberattack Hits Major European Companies

A widespread cyberattack rippled across Europe on Tuesday and disrupted the computer systems of banks and major companies in Ukraine, Russia, Britain and elsewhere — mirroring a crippling ransomware assault a month ago.

Merck & Co., a U.S. pharmaceutical company, tweeted that its computer network “was compromised … as part of the global hack.” U.S.-based food giant Mondel?z International also reported a “global IT outage.”

The attack is being linked to ransomware known as Petya, which was previously advertised for sale on top-tier Russian criminal forums, according to research from New York City-based Flashpoint, a business risk intelligence firm.

“Initial reports indicate the outbreak is mainly in Ukraine and Russia, but there are other companies impacted outside of those countries,” Flashpoint said, adding that the initial means of infection remained unknown but that it had spread similarly to that of the worldwide “WannaCry” malware attack that affected about 300,000 computers in May.

Video Will Begin In…

March 16: Hackers Want to Told Your Data for Ransom: Here’s How to Stop Them3:53

Other security firms also said Petya or a modification of it was involved, although Kaspersky Lab, a Russian security software company, said its preliminary findings suggested that new ransomware may be the culprit. About 2,000 systems have been affected, said Kaspersky, which dubbed the exploit “NotPetya.”

Europol, the European law enforcement agency, tweeted that it was aware of the ransomware threat and was working with various cyber units to determine the “full nature of this attack.”

The German email provider Posteo told NBC News that it was able to cut off access to the email address provided in the ransom note before the problem became widely known. As a likely result, only about 30 ransom payments had been attempted by late Tuesday afternoon — not all of them successfully — totaling about US$7,600, according to the address’ public account record.

The downside is that anyone who tries to pay can’t get their files decrypted because the hackers have no way to communicate with victims to provide the decryption key.

Ukrainian Prime Minister Volodymyr Groysman said that the scale of the ransomware campaign on his country was “unprecedented” but that “vital systems haven’t been affected.”

Related: Ransomware: Now a Billion-Dollar-a-Year Crime and Growing

The National Bank of Ukraine warned financial institutions and related firms that they may experience difficulties in their operations. The bank said it was “confident” that the country’s banking infrastructure was “securely protected from cyberattacks and any attempts to perform hacker attacks will be efficiently warded off.”

The government’s computer network went down, as well, and Ukraine’s deputy prime minister, Pavlo Rozenko, posted a picture on Twitter of a computer screen with an error message.

Image: Payment demand
A message demanding money on a monitor of a payment terminal at Ukraine’s state-owned bank, Oschadbank, after Ukrainian institutions were hit by a wave of cyber attacks Tuesday. Valentyn Ogirenko / Reuters

A message on a cash machine for Ukraine’s state-owned bank Oschadbank demanded $300 worth of Bitcoin — and taunted victims not to “waste your time” looking for another fix.

“If you see this text, then your files are no longer accessible, because they have been encrypted,” the message read in English, according to an image taken by a Reuters photographer in Kiev. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our encryption service.”

The message then went on to say how to pay the ransom in Bitcoin.

Image: Kiev skyline at night
Kiev’s skyline. Robert Wallis / Corbis via Getty Images file

The number of companies and agencies reportedly affected Tuesday was piling up quickly as the electronic rampage appeared to be snowballing into a real-world crisis.

The cyberattack affected operations at the Chernobyl nuclear site in Ukraine, forcing some radiation checks to be carried out manually at the facility, which famously exploded in 1986.

Meanwhile, Britain’s WPP, the world’s biggest advertising agency, said it had been hit by a cyberattack.

In Germany, the postal and logistics company Deutsche Post said systems of its Express division in the Ukraine had been disrupted.

The global shipping company A.P. Moller-Maersk in Copenhagen, Denmark, said it had suffered a computer system outage also caused by a cyberattack.

The latest interruptions follow the WannaCry malware attack that affected about 150 countries last month. In that case, computer users inadvertently downloaded malicious software via email known as the Wanna Decryptor, or WannaCry, locking the system and requiring a ransom be paid to hackers who could reopen it.

WannaCry was halted from spreading when a 22-year-old British security researcher named Marcus Hutchins created a so-called kill-switch that experts hailed as the decisive step in slowing its progress.

Those malware attacks are especially hazardous because they can infect an entire network connected to the computer.

As of Tuesday, more than $120,000 in ransom had been paid by computer users affected by WannaCry, according to the security company Elliptic.

Payments were also being made as part of this latest ransomware attack, but any organization that heeded strongly worded warnings in recent months from Microsoft Corp. to install a security patch and take other protective measures appeared to be safeguarded.

Related: ‘WannaCry’ Malware Attack Could Just Be Getting Started: Experts

Russia’s Rosneft, one of the world’s biggest producers of crude oil by volume, said the company narrowly avoided a major crisis.

“The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system,” the company said.

The Russian metals giant Evraz said its IT systems had been affected, as well, Russia’s RIA news agency reported.

In Ukraine, Yevhen Dykhne, director of Boryspil International Airport, east of Kiev, said it had been hit by a cyberattack.

“In connection with the irregular situation, some flight delays are possible,” Dykhne said on Facebook. 

Contact Info