A new cyberattack similar to WannaCry is
spreading from Europe to the U.S., hitting port operators in New York and
Rotterdam, disrupting government systems in Kiev, and disabling operations at
companies including Rosneft PJSC and advertiser WPP Plc., says Bloomberg.
More than 80 companies in Russia and
Ukraine — and the Chernobyl nuclear plant — were initially affected by the
Petya virus that disabled computers Tuesday and told users to pay $300 in
cryptocurrency to unlock them. Telecommunications operators and retailers were
also affected and the virus is spreading in a similar way to the WannaCry
attack in May, Moscow-based cybersecurity company Group-IB said.
Rob Wainwright, executive director at
Europol, said the agency is “urgently responding” to reports of the new cyber
attack. In a separate statement, Europol said it’s in talks with “member states
and key industry partners to establish the full nature of this attack at this
Kremlin-controlled Rosneft, Russia’s
largest crude producer said in a statement that it avoided “serious consequences”
from the “hacker attack” by switching to “a backup system for managing
U.K. media company WPP’s website is
down, and employees have been told to turn off their computers and not use
WiFi, according to a person familiar with the matter. Sea Containers, the
London building that houses WPP and agencies including Ogilvy & Mather, has
been shut down, another person said. “IT systems in several WPP companies have
been affected,” the company said in emailed statement.
The hack has quickly spread from Russia
and the Ukraine, through Europe and into the U.S. A.P. Moller-Maersk, operator
of the world’s largest container line, said its customers can’t use online booking tools
and its internal systems are down. The attack is affecting multiple sites and units,
which include a major port operator and an oil and gas producer, spokeswoman
Concepcion Boo Arias said by phone.
APM Terminals, owned by Maersk, is
experiencing system issues at multiple terminals, including the Port of New
York and New Jersey, the largest port on the U.S. East Coast, and Rotterdam in
The Netherlands, Europe’s largest harbor. APM Terminals at the Port of New York
and New Jersey will be closed for the rest of the day “due to the extent of the
system impact,” the Port said.
Cie de Saint-Gobain, a French
manufacturer, said its systems had also been infected, though a spokeswoman
declined to elaborate, and the French national railway system, the SNCF, was
also affected, according to Le Parisien. Mondelez International Inc. said it
was also experiencing a global IT outage and was looking into the cause. Merck
& Co. Inc., based in Kenilworth, New Jersey, reported that its computer network
was compromised due to the hack.
The strikes follow the global ransomware
assault involving the WannaCry virus that affected hundreds of thousands of
computers in more than 150 countries as extortionists demanded $300 in bitcoin
from victims. Ransomware attacks have been soaring and the number of such
incidents increased by 50 percent in 2016, according to Verizon Communications
Analysts at Symantec Corp., have said
the new virus, called Petya, uses an exploit called EternalBlue to spread, much
like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s
Windows operating system.
The new virus has a fake Microsoft
digital signature appended to it and the attack is spreading to many countries,
Costin Raiu, director of the global research and analysis team at Moscow-based
Kaspersky Lab, said on Twitter.
The attack has hit Ukraine particularly
hard. The intrusion is “the biggest in Ukraine’s history,” Anton Gerashchenko,
an aide to the Interior Ministry, wrote on Facebook. The goal was “the
destabilization of the economic situation and in the civic consciousness of
Ukraine,” though it was “disguised as an extortion attempt,” he said.
Kyivenergo, a Ukrainian utility,
switched off all computers after the hack, while another power company,
Ukrenergo, was also affected, though “not seriously,” the Interfax news service
Ukrainian delivery network Nova Poshta
halted service to clients after its network was infected, the company said on
Facebook. Ukraine’s Central Bank warned on its website that several banks had
been targeted by hackers.