New wave of ransomware attacks leaves black screens
HACKERS have caused widespread chaos on government and business computers starting in Russia and Ukraine and quickly spreading around the globe.
In an infection reminiscent of last month's WannaCry attack, the virus is sweeping Russia, England and India, but Ukraine seems to have been hit hardest with its Central Bank, local transport and Kiev's Boryspil Airport all affected.
The source of the attacks was not immediately clear.
However a researcher for Kaspersky Lab identified the virus as Petrwrap, a strain of the Petya ransomware identified by the firm in March. One recovered sample was compiled on June 18, suggesting the virus has been infecting machines for some time.
Several multinational companies said they were targeted, including US pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and the French industrial group Saint-Gobain.
Robin Dargue, WPP's group chief information officer, has notified agencies that a number of companies within the group have been hit with a ransomware virus.
Danish shipping company Maersk said systems were down across multiple sites.
The British National Cyber Security Centre said it was "aware of the global ransomware incident" and is "monitoring the situation closely".
"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an email.
Ukraine's prime minister says that a cyberattack affecting his country is "unprecedented," but "vital systems haven't been affected."
However, the radiation monitoring system at Ukraine's Chernobyl nuclear site has been taken offline after it was targeted in the attack, forcing employees to use hand-held counters to measure levels, officials said.
The technological systems were working "as usual" at the plant that exploded in 1986, however.
The attacks started around 2pm Moscow time (9pm AEST) and quickly spread to 80 companies in Ukraine and Russia, said cybersecurity company Group IB.
The companies affected were hit by a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, Group IB said.
The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov said.
Ukraine Prime Minister Volodymyr Groysman said on Facebook that "our IT experts are doing their job and protecting critical infrastructure ... The attack will be repelled and the perpetrators will be tracked down."
Ukrainian Deputy Prime Minister Pavlo Rozenko posted a picture of a darkened computer screen to Twitter, saying that the computer system at the government's headquarters has been shut down.
There's very little information about who might be behind the disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.
The scale and use of ransomware has similarities to last month's cyber attack, which some experts linked to North Korea.
This hit dozens of countries and used a flaw that was once incorporated inside the National Security Agency's surveillance tool kit.
The world is still recovering from last month's WannaCry or WannaCrypt virus, which brought the UK'S NHS to its knees.