Published: Wed, June 28, 2017
Electronics | By Jesus Weaver

Ad group WPP is still working to resolve Petya attack

Ad group WPP is still working to resolve Petya attack

Ukraine, along with Russian Federation and companies across Europe, was hit Tuesday in a wave of cyberattacks which IT experts identified as a modified version of the Petya ransomware that struck past year.

Ukraine's central bank, Kiev's main airport, the Chernobyl nuclear disaster site, and a string of multinational companies, including USA pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and French industrial group Saint-Gobain, were among the victims.

The "Petya" cyberattack that has now struck computers in at least 65 countries can be traced to a Ukrainian company's tax accounting software, Microsoft says.

They include big global brands like snack maker Mondelez (MDLZ), British advertising giant WPP (WPPGF) and the real estate division of French bank BNP Paribas. And law firm DLA Piper said it had taken down its systems in response to "a serious global cyber incident".

Tech experts say Petya, the new ransomware cyber attack, has the potential to be more severe than the WannaCry Virus we reported on last month.

"This unsafe combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched". It demands a $300 ransom in the anonymous digital currency Bitcoin. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA.

After the WannaCry scourge in May, Microsoft urged users to protect machines with the MS17-010 patch.

Experts also said this latest attack could heighten fears that companies may be more vulnerable to cyberattacks than suspected, potentially putting personal data at risk. "We stand ready to support any requests for assistance". The US was investigating the attack and determined to hold those responsible accountable, it said.

Petya was first discovered in 2016 - it is ransomware that encrypts MFT (Master File Tree) tables and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer.

There was speculation, however, among some experts that once the new virus had infected one computer it could spread to other machines on the same network, even if those devices had received a security update. Reports said the Kiev metro system stopped accepting payment cards while several chains of petrol stations suspended operations.

Ukraine's vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers have been affected.

Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide and has a logistics unit in Ukraine, is not able to process new orders after being hit by the attack on Tuesday, it told Reuters. The computers of the company went down, said Australian Manufacturing and Workers Union state secretary John Short. However, the radiation monitoring system at Ukraine's Chernobyl nuclear disaster site was taken offline.

Ransomware victims are always advised not to pay ransom to get their files back because it encourage the attackers.

Like this: