1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Multinationals hit in wave of cyberattacks

June 28, 2017

Companies across the world have been hit with a form of malware spreading out of Ukraine. An easy-to-use "vaccine" to the virus has been identified, but experts are still looking for a kill switch against "Petya."

Wiesbaden BKA Vorstellung Lagebericht Cybercrime 2015 PETYA
Image: DW/M. von Hein

Cyberattack spreads to major global companies

A cyberattack that crippled computer systems in Ukraine and Russia spread to companies across the world on Wednesday, as the attack sent European shares to a two-month low. Initially dubbed "Petya" or "GoldenEye," the attacks started on Tuesday around 14:00 Moscow time (11:00 UTC).

Security researchers have identified a way to stop the attack from infecting computers: security news website Bleeping Computer said the creation of a single file can stop the attack in its tracks but won't prevent the ransomware from spreading to other computers.

However, experts have been unable to locate a so-called kill switch that would disable the ransomware attack entirely.

Ukraine hit the hardest

Ukraine reported that it had managed to completely restore its computer networks after the country's central bank said that several domestic lenders - including Ukraine's largest bank Oschadbank - had been hit on Tuesday morning, hindering operations and leading the regulator to warn other financial institutions to tighten security measures. 

The radiation-monitoring facility at Ukraine's shuttered Chernobyl nuclear power plant was also affectedImage: imago/Ukrainian News

Kyiv's main airport, the national power grid, the radiation-monitoring facility at Ukraine's shuttered Chernobyl power plant, and Russian state oil giant Rosneft were also among the first to report being hit by the virus.

More than 60 percent of the victims were in Ukraine, followed by Russia with more than 30 percent, according to initial findings by researchers at the cybersecurity firm Kaspersky Lab. It listed Poland, Italy and Germany, in that order, as the next-worst affected.

Read more: What is ransomware?

Attack spreads across the world

The virus quickly spread to 80 companies in Ukraine and Russia, and the wave was followed by attacks on Danish sea transport company Maersk, British advertising giant WPP and the French industrial group Saint-Gobain. A number of hospitals in the US were also hit.

The real estate unit of France's biggest bank, BNP, was also among those hit by the Petya ransomware, it told news agency Reuters.

"The necessary measures have been taken to rapidly contain the attack," the bank said in a statement, not specifying whether it had given in to the demands of them ransomware.

Mondelez, a company that owns snack makers such as Oreos and Cadbury, reported power outages across its factories, including halting production at a Cadbury factory in Australia late Tuesday. A terminal operated by Danish shipping giant AP Moller-Maersk at Jawaharlal Nehru Port in Mumbai was also affected.

The virus "is spreading around the world, a large number of countries are affected," Costin Raiu, a researcher at the Moscow-based computer security firm Kaspersky Lab told the French news agency AFP.

Ransomware cyberattack threatens organizations worldwide

Ransomware spreading

The attacks on the Russian and Ukrainian companies involved a type of ransomware that locks users out of computers and demands the purchase of a key to reinstate access, cybersecurity company Group IB told AFP. 

The cryptolocker seeks $300 (280 euros) in bitcoin and does not name the encrypting program, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov told AFP. As the ransom amount demanded - was relatively small, the real purpose for the attack remains unknown, with some speculating that it may rather serve the purpose of trying to make a political statement.

There was another similar attack in May when over 150 countries and a total of 200,000 victims were hit by WannaCry ransomware. The vulnerability in Microsoft's Windows software was initially disclosed in documents leaked from the US National Security Agency. 

Microsoft released a security patch for all platforms from Windows XP to Windows 10 (MS17-010) after tens of thousands of users were hit with the WannaCry ransomware. The MS17-010 patch is also believed to protect users from the latest cyberattack.

'Unprecedented' strikes

Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were "unprecedented." He added that important systems had not been not affected.

Rosneft said its servers had suffered a "powerful" cyberattack but thanks to its backup system "the production and extraction of oil were not stopped."

"To protect our data we have isolated our systems," Saint-Gobain told AFP.

A Maersk representative told AFP that company systems are "down across all business units due to a virus."

The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

Rob Wainwright, executive director of Europol, the European Union's law enforcement agency, wrote on Twitter that "we are urgently responding to reports of another major ransomware attack on businesses in Europe."

Meanwhile, in France, prosecutors and the police's cybercrime division opened an investigation into the case, probing fraudulent access to databases and extortion.

ss,aw,/sms (AFP, dpa, AP, Reuters)