Key services in the Ukraine has been thrown into chaos following a suspected cyber attack on government infrastructure. The country’s national bank, state power company and largest airport are among the targets of the cyber attack, with many security experts identifying a massive ransomware campaign behind the targeted attacks.
Members of the Ukrainian government, including deputy Prime Minister Rozenko Pavlo, have reported that they are unable to access their computers. Shared images on Twitter show affected computers seemingly displaying ransomware and demanding payment of $300 (£235) in Bitcoin to re-gain access to encrypted files. According to early reports, some ransoms are already being paid, with five records paid so far totalling $1443.
The National Bank of Ukraine, meanwhile, has reported that an “unknown virus” was the cause of the attack, stating that several other banks were also affected along with financial firms. At Boryspil International Airport in Kiev, meanwhile, departure boards and computers were also down, with postal services, TV stations and transport also been hit in the attack.
This attack has been likened by many to the WannaCry ransomware attack which hit more than 230,000 computers in 150 countries last month. However, security experts believe that this latest attack is linked to the GoldenEye ransomware family.
Preliminary information from security firm Bitdefender shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family.
“Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures,” explained Bitdefender.
“This approach prevents victims computers from being booted up in a live OS environment and retrieving stored information or samples.”
“Additionally, after the encryption process is complete, the ransomware has a specialised routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.”
However, other security experts believe that the attack is due to a virus dubbed Petrwrap or Petya, which works similarly to the WannaCry ransomware.
“It appears to be a new ransomware campaign impacting multiple countries and some major businesses with some manufacturing reportedly stopped,” said Javvad Malik, security advocate at AlienVault.
“The ransomware appears to be a Petya variant that is spreading via EternalBlue, the NSA vulnerability that was leaked by Shadowbrokers and spreads via the SMB1 protocol.”
Cyber security experts are unanimous in the fact that the cyber attack has the potential to spread worldwide.
This article is from the CBROnline archive: some formatting and images may not be present.