Updated: 28/06/17 : 06:38:55
Printable Version   Bookmark and Share Share This

national

Global cyber attack hits Irish-based international companies

Widespread disruption has hit organisations across the world in the second major cyber attack to strike in as many months.

Computer systems at a number of Irish offices of international companies are among those infected by the latest cyber attack.

RTÉ reports that the Irish operations of Danish shipping firm Maersk and pharmaceutical company MSD are among those whose IT systems have been disrupted.

A hospital in the US and pharmaceutical company Merck also fell victim, and Cadbury owner Mondelez International said it had experienced a "global IT outage" which it was working to resolve.

Officials reported major disruption to the power grid, banks and government offices in Ukraine, where news of the attack first emerged yesterday.


The latest virus comes just weeks after ransomware - the name given to programmes that hold data hostage by scrambling it until a payment is made - downed systems across the globe.

More than 200,000 victims in around 150 countries were infected by the WannaCry or Wanna Decryptor ransomware, which originated in the UK and Spain last month, before spreading globally.

WPP, the world's biggest advertising business, confirmed it had been hit, while DLA Piper has taken its email system down as a preventative measure.

Russia's Rosneft energy company also reported being hit, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters had been shut down.

In reference to the attack, the State Agency of Ukraine on Exclusion Zone Management said Chernobyl's radiation monitoring system has been switched to manual and is operating normally.

An email address posted at the bottom of ransom demands was blocked by Berlin-based host Posteo, which said it had contacted German authorities after realising the account was associated with the malware.

The current ransomware is known as GoldenEye, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

Warning not to pay ransom

Victims of the malware are asked to pay a $300 ransom after their hard drive is encrypted, crashing their computer.

Mr Botezatu, who warned against paying any money, said last night that the malware operators received 27 payments totalling almost $7,000 in digital currency in around five hours.

He said: "I would strongly advise against paying the ransom, because this keeps this vicious circle in which hackers get enough money to fuel even more complex malware and this is why ransomware has become so popular in just three years.

"It's a billion-dollar business and the more customers they have, the more advanced the future ransomware attacks will be."

The ransomware is believed to be spreading from one computer to another using the exploit EternalBlue, which was also used in the WannaCry attack.

Mr Botezatu said GoldenEye, a more advanced version of the malware Petya, may have a number of exploits, meaning even those who patched their systems against EternalBlue after the WannaCry attack may still be vulnerable to the latest hack.

He said experts will work on trying to find a flaw in the ransomware in order to create a decryption tool, but there is no guarantee victims will get their information back.

Following last month's WannaCry incident some of the blame was directed at US intelligence agencies the CIA and the National Security Agency (NSA) who were accused of "stockpiling" software code which could be exploited by hackers.