Another Massive Ransomware Outbreak Has Battered Ukraine And Is Spreading Fast

Ukraine’s government, National Bank and biggest power companies all warned of cyberattacks Tuesday. Airports and metro services in the country were also reportedly affected, though it appears they’re victims of another massive ransomware outbreak that’s spreading across the world fast and hitting a significant number of critical infrastructure providers.Whispers of WannaCry abound, though security experts said a different breed, named Petya, is to blame. “[We’re seeing] several thousands of infection attempts at the moment, comparable in size to Wannacry’s first hours,” said Kaspersky Lab’s Costin Raiu. “We are seeing infections from many different countries.”This morning saw major Danish transport and energy company Maersk report a cyber attack, noting on its website: “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack.” And Russian oil industry giant Rosnoft said it was facing a “powerful hacker attack.” Neither said what kind of attack they were under.The impact currently appears to be most severe in Ukraine, including major energy companies such as the state-owned Ukrenergo and Kiev’s main supplier Kyivenergo. Government officials have reportedly sent images of their infected computers, including this from deputy prime minister Pavlo Rozenko:

A Ukrenergo spokesperson told Forbes  power systems were unaffected, adding: “On June 27, a part of Ukrenergo’s computer network was cyberattacked. Similarly, as it is already known with the media, networks and other companies, including the energy sector, were attacked.Our specialists take all the necessary measures for the complete restoration of the computer system, including the official [website].” The site remains down at the time of publication.The National Bank blamed an “unknown virus” as the culprit, hitting several Ukrainian banks and some commercial enterprises. “As a result of cyber attacks, these banks have difficulties with customer service and banking operations,” a statement on the organization’s website read.The deputy general director of Kiev’s Borispol Airport, Eugene Dykhne, said in a Facebook post: “Our IT services are working together to resolve the situation. There may be delays in flights due to the situation… The official Site of the airport and the flight schedules are not working.”

Kiev Metro, meanwhile, said today in a Twitter alert that it wasn’t able to accept bank card payments as a result of a ransomware infection.It’s currently unclear whether the attacks are purely ransomware, or if myriad attacks are currently hitting various parts of Ukraine. Attacks on Ukraine’s power grid in 2015 and 2016 were believed to have been perpetrated by Russia, though the country denies all cyberattacks on foreign soil.Though ransomware is typically used by cybercriminals, with WannaCry it was alleged a nation state was likely responsible for spreading the malware: North Korea. Cyber intelligence companies and the NSA believe with medium confidence that the nation used leaked NSA cyber weapons to carry out the attacks that took out hospitals in the U.K and infected hundreds of thousands of others.