Global cyber attack hits UK firms as WPP reports hack

A massive cyber attack which has hit a number of institutions in Ukraine appears to be spreading across Europe.

Several firms, banks and government offices in Ukraine began to report attacks earlier today caused by ransomware named “Petya”.

London-based advertising giant WPP has reported problems with its IT systems caused by a “suspected cyber attack”, as did Danish shipping group Maersk, Cadbury’s owner Mondelez and a number of Russian businesses.

IT systems in several WPP companies have been affected by a suspected cyber attack. We are taking appropriate measures & will update asap.

— WPP (@WPP) June 27, 2017

WPP’s share price plummeted 20p following the news, although it has gradually begun to rise again.

The Petya ransomware

“The Petya ransomware seems to be spreading using EternalBlue exploit just like WannaCry. Because the WannaCry kill switch worked, the pain stopped and many organisations did not complete patching their Windows,” said Chris Wysopal, co-founder of cybersecurity firm Veracode.

Read more: WannaCry ransomware cyber attack: A final warning for banks and fintech

Josh Zelonis, senior analyst at research institute Forrester, added: “This ransomware strain is exploiting two vulnerabilities that were patched by Microsoft in March, one of which is the same EternalBlue exploit that was leveraged by WannaCry.

“While some organisations may have situations where they are unable to patch, that excuse doesn’t scale when you get a worm causing damage on this level.”

​However, other experts have said there are key differences between the new Petya ransomware and the WannaCry attack, which affected several UK organisations including the NHS.

“We had an early warning shot last month as WannaCry spread like wildfire globally. However, in actual terms, it inflicted relatively little damage,” said Graeme Newman, chief innovation officer at cyber insurance firm CFC Underwriting.

“Petya seems to be different. This new breed of ransomware looks much more dangerous, already causing chaos for businesses around the world and early indications suggest that this could cost organisations ten times more than WannaCry.

“In terms of its global impact, we’re already seeing claims coming in from the US and are bracing ourselves for claims from other countries in the next few hours.”

Today’s crisis is also an indication that the threat level is increasing.

“This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access – regardless of whether they are state-sponsored or independent – to military-grade cyber weaponry, hence the fact that the attacks are so successful,” said Jamie Graves, chief executive of Edinburgh-based software company ZoneFox.

“Secondly, that digital data is directly linked to physical assets. It’s not just computer systems shutting down – it’s energy grids losing power, ships stopping in their tracks and people not being able to access their money.”

The affected businesses

A number of Russian businesses have been affected, including oil producer Rosneft and steelmaker Evraz.

Shipping company A.P. Moller-Maersk (MAERSKb.CO) reported a computer systems outage which it said could be a global issue.

“We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation,” Maersk said on Twitter.

A Maersk spokeswoman said the cause of the breakdown was not yet known, but that it could extend across the company’s global operations.

Dutch broadcaster RTV Rijnmond reported that seventeen shipping container terminals run by APM Terminals, a Maersk subsidiary, had also been hacked, including two in Rotterdam and 15 in other parts of the world.

Russia’s top oil producer Rosneft (ROSN.MM) said on Tuesday its servers had been hit been a large-scale cyber attack, but its oil production was unaffected.

The Russian consumer lender of Czech group Home Credit said it had noticed “non-standard network activity” on its systems and was making checks after reports of cyber attacks on other companies.

Ukraine’s central bank said a number of Ukrainian commercial banks and state and private companies had been hit by cyber attacks via an “unknown virus”.

Kiev’s main airport has been hit by a “spam attack” that could cause some flights to be delayed, according to the operator Boryspil.

“In connection with the irregular situation, some flight delays are possible,” Director Yevhen Dykhne said in a post on Facebook.

“It’s critical that businesses implement security best practice, including regular patching, application control and removing admin rights,” said Andrew Avanessian, vice president at software company Avecto.

“In our testing we found that these simple measures prevented the majority of cyber attacks, and I’d be very surprised if that wasn’t the case in this instance too.”

This breaking news story is being updated as more information emerges – please refresh the page for the most recent version.

To keep on top of the biggest news stories as they happen, follow @CityAM on Twitter. You can also sign up for our newsletter alerts for updates throughout the day.