Maersk, Rosneft hit by cyberattack
A ransomware cyberattack named Petya, or NotPetya according to Kaspersky Lab, has hit organizations around the globe, including the Ukrainian government, Denmark’s Maersk Group, and the Russian oil company Rosneft.
According to several news reports, screens around the world are displaying a ransomware message informing owners that their files have been encrypted and demanding $300 worth of Bitcoin in exchange for the decryption key.
In an update on Wednesday morning, Maersk, a company specializing in shipping and oil and gas exploration and production, said it was forced to shut down a number of systems to contain the issue.
“We can confirm that Maersk has been hit as part of a global cyber-attack named Petya on the 27 June 2017. IT systems are down across multiple sites and select business units. We have contained the issue and are working on a technical recovery plan with key IT-partners and global cyber security agencies.”
“We have shut down a number of systems to help contain the issue. At this point our entities Maersk Oil, Maersk Drilling, Maersk Supply Services, Maersk Tankers, Maersk Training, Svitzer and MCI are not operationally affected. Precautionary measures have been taken to ensure continued operations.”
“Maersk Line vessels are maneuverable, able to communicate and crews are safe. APM Terminals is impacted in a number of ports. Damco has limited access to certain systems.
We continue to assess and manage the situation to minimize the impact on our operations, customers and partners from the current situation.”
Reuters has reported that several other organizations have been hit, including the Russian oil giant Rosneft, and some Russian banks.
Rosneft production not affected
Rosneft has tweeted saying: “A massive hacker attack has hit the servers of the company. We hope it has no relation to the ongoing court procedures.”
Through several subsequent tweets, Rosneft said on Tuesday that the company had contacted law enforcement authorities regarding the cyberattack.
Additionally, Rosneft said: “The cyber attack could lead to serious consequences, however, due to the fact that the Company has switched to a reserve control system neither oil production nor preparation processes were stopped.”
On Wednesday afternoon, Rosneft tweeted: “The large scale hacker attack has not affected the company production processes. There are particular issues, that are resolved promptly. The company works as usual. The situation is under control. It is premature to evaluate the cyber attack impact.”
Malwarebytes Labs, an antivirus company, describes Petya as different from other currently popular ransomware.
“Instead of encrypting files one by one, it denies access to the full system by attacking low-level structures on the disk. This ransomware’s authors have not only created their own boot loader but also a tiny kernel, which is 32 sectors long.”
However, Kaspersky Lab, another well-known antivirus company, thinks this latest ransomware is something new, never seen before.
“Kaspersky Lab’s analysts are investigating the new wave of ransomware attacks targeting organizations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before. That is why we have named it NotPetya.”
In an update on Tuesday, Kaspersky Lab said: “The company’s telemetry data indicates around 2,000 attacked users so far. Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the US and several other countries. This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”
The latest from @kaspersky researchers on #Petya: it’s actually #NotPetya pic.twitter.com/uTVBUul8Yt
— Kaspersky Lab (@kaspersky) June 27, 2017
Researcher’s tactic for #Petya/#NotPetya: cut power to halt the reboot that initiates final encryption, so files can be rescued off-disk/box https://t.co/cDWrqWRnRj
— Edward Snowden (@Snowden) June 27, 2017
Offshore Energy Today Staff