June 27, 2017, updated 28 Jun 2017 4:53pm

Chaos in Ukraine as ransomware cyber attack hits airports, banks & government

A massive ransomware campaign is currently unfolding worldwide.

By Ellie Burns

Key services in Ukraine have been thrown into chaos following a suspected cyber attack on government infrastructure. The country’s national bank, state power company and largest airport are among the targets of the cyber attack, with many security experts identifying a massive ransomware campaign behind the targeted attacks.

Members of the Ukrainian government, including deputy Prime Minister Rozenko Pavlo, have reported that they are unable to access their computers. Images shared on Twitter show affected computers seemingly displaying ransomware and demanding payment of $300 (£235) in Bitcoin to regain access to encrypted files. According to early reports, some ransoms are already being paid, with five payments recorded so far totalling $1443.

The National Bank of Ukraine, meanwhile, has reported that an “unknown virus” was the cause of the attack, stating that several other banks were also affected along with financial firms. At Boryspil International Airport in Kiev, departure boards and computers were also down, with postal services, TV stations and transport also having been hit in the attack.

This attack has been likened by many to the WannaCry ransomware attack which hit more than 230,000 computers in 150 countries last month. However, security experts believe that this latest attack is linked to the GoldenEye ransomware family.

Preliminary information from security firm Bitdefender shows that the malware sample responsible for the infection is an almost identical clone of the GoldenEye ransomware family.

“Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures,” explained Bitdefender.

“This approach prevents victims’ computers from being booted up in a live OS environment and retrieving stored information or samples.”

“Additionally, after the encryption process is complete, the ransomware has a specialised routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.”

However, other security experts believe that the attack is due to a virus dubbed Petrwrap or Petya, which works similarly to the WannaCry ransomware.

“It appears to be a new ransomware campaign impacting multiple countries and some major businesses with some manufacturing reportedly stopped,” said Javvad Malik, security advocate at AlienVault.

“The ransomware appears to be a Petya variant that is spreading via EternalBlue, the NSA vulnerability that was leaked by Shadowbrokers and spreads via the SMB1 protocol.”

Cyber security experts are unanimous that the cyber attack has the potential to spread worldwide.
