Home Security Huge ransomware attack hits Europe and spreads

Huge ransomware attack hits Europe and spreads

Another big Windows ransomware attack has hit Europe and is spreading to other parts of the world, with security firms yet to reach consensus on the causative agent.

While some anti-virus companies say it may be a new strain of the Petya ransomware, others are not so sure.

Among the big names to be hit were the US pharmaceutical company Merck, Russia's state oil company Rosneft, the shipping conglomerate Maersk and the UK-based advertising and public relations firm WPP.

Also badly hit were the banking, electric and gas sectors in Ukraine, with the malware spreading to the UK, Denmark and Spain.

The Russian security firm Global-IB said in Ukraine, large banks and enterprises, namely, Oschadbank, Ukrgasbank, Pivdenny Bank, OTP Bank, TASKombank, The Epicenter chain store, Kovalska industrial and construction group, three major Ukrainian telecom operators, Kyivstar, LifeCell, Ukrtelecom, were among those affected.

Ransomware.

The notice appearing on Windows computers that were hit by ransomware overnight.

State enterprises Ukrtelecom, Ukrzaliznytsia, Ukrposhta, Kievvodokanal, and state-run aircraft manufacturer Antonov all had also been attacked, it said, adding that The Boryspil international airport, Kiev subway, computer networks of the cabinet and the website of the Ukrainian government were also hit.

Researchers from Cisco said early reports of an email vector could not be confirmed. "Based on observed in-the-wild behaviours, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc. This appears to have been confirmed by MeDoc."

They said that there appeared to be three vectors once a device was infected: EternalBlue – the same exploit used by WannaCry; PsExec – a legitimate Windows administration tool; and WMI – Windows Management Instrumentation, a legitimate Windows component.

Another security firm, Trend Micro, said it believed the ransomware was using both the EternalBlue exploit — which was used by WannaCry — and the PsExec tool as infection vectors.

The PsExec tool is a light-weight replacement for telnet that lets a user execute processes on other systems.

The Trend Micro researchers advised: "Users and organisations are thus advised to perform the following mitigation steps immediately in order to prevent and avoid infection:

  • "Apply the security patch MS17-010;
  • "Disable TCP port 445;
  • "Restrict accounts with administrator group access."

Microsoft issued a patch for the vulnerability that was taken advantage of by EternalBlue, an exploit created by the NSA and leaked online in April by a group known as Shadow Brokers.

Graphics: courtesy Kaspersky Lab.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

RECOVERING FROM RANSOMWARE

Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.

DOWNLOAD THE REPORT!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications