The Ukrainian government appears to be among the worst hit by a new ransomware virus that struck across Europe on Tuesday (pictured, a supermarket in Kharkov) Read more: http://www.dailymail.co.uk/news/article-4643752/Europe-hit-new-WannaCry-virus.html#ixzz4lGdq1iuH Follow us: @MailOnline on Twitter | DailyMail on Facebook

Cyber attack hits CHERNOBYL radiation system: ‘Goldeneye’ ransomware strikes across the globe, with US drug firm Merck, advertising giants WPP and Ukrainian power grid among victims

Ugyen Dorji General Tags: ,
  • New ransomware attack hit computers around the globe on Tuesday 
  • Ukraine is worst hit so far, with Chernobyl radiation monitoring system affected
  • Country’s deputy leader said all computers are down in ‘unprecedented’ attack
  • Companies in UK, US, France, Norway, Denmark have also confirmed issues  
  • IT experts dubbed new virus GoldenEye and say it is similar to ‘WannaCry’

Hackers have unleashed a major cyber attack causing huge disruption to companies and governments across the globe including in the UK, US and Russia.

The Petya ransomware hijacks victims’ computers before encrypting their files and holding them hostage until a fee is paid.

Chernobyl’s radiation monitoring system has been hit by the attack with its sensors shut down while UK advertising giant WPP, the largest agency in the world, among dozens of firms affected.

The ransomware appears to have been spread through popular accounting software and specifically targeted at bringing down business IT systems.

The outage began in Ukraine as the country’s power grid, airport, national bank and communications firms were first to report problems, before it spread rapidly throughout Europe.

Companies in the US, Germany, Norway, Russia, Denmark and France are among those to have confirmed issues so far.

Users are being shown a message saying their data has been encrypted, with some asking for £300 in anonymous currency Bitcoin to retrieve it (pictured, an ATM in Ukraine)

It comes just weeks after the WannaCry attack which paralysed the NHS and left hundreds of thousands of users around the world unable to access their data.

More than 200,000 victims in 150 countries were infected by that software, which originated in the UK and Spain last month, before spreading globally.

But cyber security experts have warned that this time the virus is much more dangerous because it has no ‘kill switch’ and is designed to spread rapidly though networks.

Marcus Hutchins, who foiled the previous WannaCry attack by discovering a way to stop it from infecting new computers, told MailOnline that even if users pay the fee their files could now be lost forever.

Rozenko Pavlo, the Ukrainian deputy Prime Minister, tweeted this image of his computer screen – saying ‘all computers of the government’ had been affected

He said: ‘The company that hosts the email account which the ransomware asks you to contact has closed the account. There’s no way to get files back.
‘It’s early days – we don’t know if we can find a fix yet. But if it’s decryptable we will find a way.’

Hutchins, 22, continued: ‘Everyone’s looking at this right now and I’m working with other researchers.

‘I was just praying it wasn’t the Wannacry exploit again. Ideally we’ll have to find a way to decrypt the files or else people are not going to get them back.’

The ransomware targets computers using the Windows XP operating system which have not installed the latest security updates released by Microsoft.

Experts fear that could mean major infrastructure such as healthcare systems and power networks using archaic technology will be the worst affected.

One security researcher going by the name BleepingComputer told MailOnline that x-ray machines and other critical medical devices could be deactivated in hospitals, adding: ‘We’re going to see wide-scale damage.’

He continued: ‘The biggest computers that may have an issue are those running old legacy hardware or software systems such as healthcare and control systems for industrial services.

Things like that that are running on archaic operating systems simply because they don’t have the ability to upgrade.

‘There was a power plant infected by this which is really scary because those are the most vulnerable types of systems.’

Russia’s Rosneft oil company and steel firm Evraz, Danish shipping giant A.P. Moller-Maersk, and global law firm DLA Piper confirmed issues, along with French industrial group Saint-Gobain.

What is GoldenEye?

IT experts have dubbed the new virus GoldenEye, and say it appears to be a more-potent version of ransomware that started circulating recently.

GoldenEye is in turn a variant of even older code called Petya, which scrambles files on computer’s hard drive, requiring a code to unlock it.

Petya is particularly effective because, rather than scrambling files one by one, it blocks access to a whole hard drive in one go, analyst hasherezade wrote previously.

Another analyst, Bogdan Botezatu, told ABC that GoldenEye is a ‘worm’-type virus, spreading from machine to machine automatically, with no need for human interaction.

 ‘It’s like somebody sneezing into a train full of people,’ said Botezatu. ‘You just have to exist there and you’re vulnerable.’

Others said GoldenEye appears to be exploiting the same Windows weakness used by WannaCry in order to spread itself rapidly.

Radiation checks at the Chernobyl nuclear disaster site in Ukraine were being carried out manually after the wave of cyber attacks.

A spokesman said: ‘Due to the temporary disconnection of Windows systems, radiation monitoring of the industrial site is being carried out manually.’

Rozenko Pavlo, Ukraine’s deputy Prime Minister, posted an image of his locked computer, saying ‘all computers of the government’ had fallen victim to the virus.

An image he uploaded shows a black screen covered in white text which warns that ‘one of your disks contains errors and needs to be repaired’.

The screen also warns not to turn the computer off otherwise all data will be lost.

He called the attack ‘unprecedented’, though said vital services would not be affected.

Another screen with red text warns that files on the computer have been encrypted and will only be released if a payment of £300 in anonymous online currency Bitcoin is made.

Oleksandr Turchynov, head of Ukraine’s national security council, immediately pointed the finger at Moscow, saying: ‘Already on first analysis it is possible to talk of Russian fingerprints.’

Anders Rosendahl, a spokesman for Copenhagen-based AP Moller-Maersk, said: ‘We are talking about a cyberattack.’

‘It has affected all branches of our business, at home and abroad.’

There’s very little information about who might be behind the disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware.

Cyber security expert Daniel Gallagher told MailOnline: ‘We are still in the early stages of determining the scope of impact, though there are indications that it is rapidly spreading.

‘I think we will see a different kind of impact, since Wannacry had the side effect of forcing a lot of locations to patch their computers.

‘The areas we will likely see impacted could be some of the worst though.

‘They will be the locations that for some reason or another could not afford to patch in a timely manner.

he virus is similar in nature to the ‘WannaCry’ bug that hit computers around the world last month, and is thought to have originated in North Korea

‘Places that may have industrial controls or other critical infrastructure that can’t easily be taken offline to upgrade.’

Such viruses hold data to ransom, scrambling it until a payment is made, usually requesting virtual currency Bitcoin because it cannot be traced to a user.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

While experts cannot definitively say where that attack originated, information hidden in the code used to run in pointed to the involvement of North Korea.

 

Source: Dailymail