This Wednesday, May 20, 2015 photo shows server banks inside a data center at AEP headquarters in Columbus, Ohio. Like most big utilities, AEP's power plants, substations and other vital equipment are managed by a network that is separated from the company's business software with layers of authentication, and is not accessible via the Internet. Creating that separation, and making sure that separation is maintained, is among the most important things utilities can do to protect the grid's physical assets. (AP Photo/John Minchillo) (AP)

Ransomware attack spreads across Europe, Russia and U.S.

The ransomware attack spread quickly across the globe, and even affected radiation monitoring at Chernobyl


Charlie May
June 27, 2017 11:13PM (UTC)

Computer systems across the globe were hit with a massive ransomware attack on Tuesday, extending from Russia to the U.S., which had similarities to an international cyber attack in May that impacted tens of thousands of computers, according to the New York Times.

The Ukrainian government said that "several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks and metro systems had been affected," the Times reported. Danish shipping-giant Maersk, Russian energy company Rosneft, French construction materials company Saint-Gobain and British advertising agency WPP also claimed to have been targeted.

Advertisement:

U.S. Big Pharma company Merck and multinational law firm DLA Piper "confirmed that its global computer networks had been hit," according to the Times.

It is not yet known who is responsible for the cyber-attack; indeed, the perpetrators of May 2017's WannaCry attacks have not been found yet, either. "We are urgently responding to reports of another major ransomware attack on businesses in Europe,” Rob Wainwright, executive director of Europe's police agency Europol, tweeted.

Ransomware attacks lock users out of their system and force them to pay a ransom fee to unlock their computers and files. Tuesday's ransomware attack gave victims this message on their screen: "Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time."

Cybersecurity researchers believe this attack may be a variation of a ransomware strain called Petya. As the New York Times reported today:

One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before.

According to Kaspersky, roughly 2,000 computers had been infected. The Times reported that Symantec, a Silicon Valley cybersecurity firm, confirmed one of the exploits used was known as "Eternal Blue" — leaked last April by the Shadow Brokers "who have previously released hacking tools used by the National Security Agency," according to the Times.

Advertisement:

Notable whistleblower Edward Snowden pointed out on Twitter that the NSA had "kept open the hole" for nearly five years, without notifying Microsoft. The NSA-linked tools appear to have been used in both Tuesday's attack, as well as the attack in May.

 


Charlie May

Charlie May is a news writer at Salon. You can find him on Twitter at @charliejmay

MORE FROM Charlie May

Related Topics ------------------------------------------

Chernobyl Cyber Attacks External Blue Maersk National Security Agency Nsa Ransomware Wannacry




BROWSE SALON.COM
COMPLETELY AD FREE,
FOR THE NEXT HOUR

Read Now, Pay Later - no upfront
registration for 1-Hour Access

Click Here
7-Day Access and Monthly
Subscriptions also available
No tracking or personal data collection
beyond name and email address

•••


Fearless journalism
in your inbox every day

Sign up for our free newsletter

• • •