Ukraine’s government has been hit by a huge cyberattack, along with several banks, energy firms, an airport, and the country’s Metro network.
Ukrainian state-run aircraft manufacturer Antonov and state power distributor Ukrenergo were hit by the attack. Furthermore, the National Bank of Ukraine said an “unknown virus” hit their servers, saying several unnamed Ukrainian banks were affected. Oschadbank, one of Ukraine’s largest state-owned lenders, said some of its services had been affected by a “hacking attack”, however, they were able to guarantee that their customer’s data was safe.
The virus has also hit Russian companies Rosneft, Bashneft, Mars and Nivea. Massive Danish business conglomerate Maersk also confirmed they were hit by the attack.
A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations, the Ukrainian central bank said.
The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine’s power grid that prompted security chiefs to call for improved cyber defenses. The central bank said an “unknown virus” was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected.
Oschadbank, one of Ukraine’s largest state-owned lenders, said some of its services had been affected by a “hacking attack” but guaranteed that customer data was safe. Ukrainian state power distributor Ukrenergo said its IT system had been hit by a cyber attack, but the disruption had no impact on power supplies or its broader operations.
Rozenko Pavlo, Ukraine’s Deputy Prime Minister, tweeted an image of the virus, saying he and other members of the cabinet were unable to access their computers.
Та-дам! Секретаріат КМУ по ходу теж "обвалили". Мережа лежить. pic.twitter.com/B74jMsT0qs
— Rozenko Pavlo (@RozenkoPavlo) June 27, 2017
What Is Petya Ransomware?
“Petya is different from the other popular ransomware these days. Instead of encrypting files one by one, it denies access to the full system by attacking low-level structures on the disk. This ransomware’s authors have not only created their own boot loader but also a tiny kernel, which is 32 sectors long.
Petya’s dropper writes the malicious code at the beginning of the disk. The affected system’s master boot record (MBR) is overwritten by the custom boot loader that loads a tiny malicious kernel. Then, this kernel proceeds with further encryption. Petya’s ransom note states that it encrypts the full disk, but this is not true. Instead, it encrypts the master file table (MFT) so that the file system is not readable.”