Ukraine’s government, National Bank, its transportation services and largest power companies are bearing the brunt of what appears to be a massive ransomware outbreak that’s fast spreading across the world and hitting a significant number of critical infrastructure providers.
Whispers of WannaCry abound, though some security experts said on Tuesday that a different breed, named Petya, was to blame. “[We’re seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry’s first hours,” said Kaspersky Lab’s Costin Raiu, who added that the infections are occurring in many different countries. Another firm, BitDefender, said it believed a similar strain called GoldenEye was responsible. Later, security firms, including Kaspersky and Avast, said the malware responsible was actually an entirely new ransomware that had borrowed Petya code.
Regardless of the malware, the attacks are now global. Danish shipping and energy company Maersk reported a cyberattack on Tuesday, noting on its website: “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyberattack.” Russian oil industry giant Rosnoft said it was facing a “powerful hacker attack.” Major British advertiser WPP said on Facebook it was also hit by an attack, while law firm DLA Piper also confirmed it had been targeted by hackers. None of the companies offered specifics on the nature of those hacks.
Attacks on the U.S. pharmaceuticals company Merck extended to its to global offices, sources told Forbes. Both phones and PCs were out of action at Merck’s Ireland offices, and employees were sent home. Merck Sharp & Dohme (MSD), the U.K. subsidiary of Merck, confirmed its network was compromised. “We’re trying to understand the level of impact,” a spokesperson said. “We’re trying to operate as normally as possible.”
Ukraine the main target
The impact initially appeared to be most severe in Ukraine, with very few instances in the U.S., according to Kaspersky. The government organization managing the zone of the Chernobyl disaster fallout saidit had to switch radiation monitoring services on industrial sites to manual as they had to shut down all Windows computers. Automated systems for the rest of the zone operated normally. The main Chernobyl plant website has also been closed.
Other victims included major energy companies such as the state-owned Ukrenergo and Kiev’s main supplier Kyivenergo. Government officials have reportedly sent images of their infected computers, including this from deputy prime minister Pavlo Rozenko, who later said the whole government network was down: