June 27, 2017, updated 28 Jun 2017 4:53pm

Chaos in Ukraine as ransomware cyber attack hits airports, banks & government

A massive ransomware campaign is currently unfolding worldwide.

By Ellie Burns

Key services in Ukraine have been thrown into chaos following a suspected cyber attack on government infrastructure. The country’s national bank, state power company and largest airport are among the targets of the cyber attack, with many security experts identifying a massive ransomware campaign behind the targeted attacks.

Members of the Ukrainian government, including deputy Prime Minister Rozenko Pavlo, have reported that they are unable to access their computers. Images shared on Twitter show affected computers seemingly displaying ransomware and demanding payment of $300 (£235) in Bitcoin to regain access to encrypted files. According to early reports, some ransoms are already being paid, with five records paid so far totalling $1443.

The National Bank of Ukraine, meanwhile, has reported that an “unknown virus” was the cause of the attack, stating that several other banks were also affected along with financial firms. At Boryspil International Airport in Kiev, departure boards and computers were also down, with postal services, TV stations and transport also having been hit in the attack.

This attack has been likened by many to the WannaCry ransomware attack which hit more than 230,000 computers in 150 countries last month. However, security experts believe that this latest attack is linked to the GoldenEye ransomware family.

Preliminary information from security firm Bitdefender shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family.

“Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures,” explained Bitdefender.

“This approach prevents victims' computers from being booted up in a live OS environment and retrieving stored information or samples.”

“Additionally, after the encryption process is complete, the ransomware has a specialised routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.”

However, other security experts believe that the attack is due to a virus dubbed Petrwrap or Petya, which works similarly to the WannaCry ransomware.

“It appears to be a new ransomware campaign impacting multiple countries and some major businesses with some manufacturing reportedly stopped,” said Javvad Malik, security advocate at AlienVault.

“The ransomware appears to be a Petya variant that is spreading via EternalBlue, the NSA vulnerability that was leaked by Shadowbrokers and spreads via the SMB1 protocol.”

Cyber security experts are unanimous that the cyber attack has the potential to spread worldwide.
