Mediaboss Marketing

A ransomware demand for $300 worth of bitcoin sits on the screen of a laptop infected by the 'Petya' computer virus inside a store in Kiev, Ukraine, on June 28, 2017. Vincent MundyBloomberg/Getty Images

Ukrainian state power distributor Ukrenergo was hit by another cyber attack on Thursday which used a computer virus different from one that hit Ukraine earlier in the week, the company 's acting chief said.

The second attack did not affect Ukraine 's power network, Vsevolod Kovalchuk told a news briefing on Friday.

Ukrenergo was an early victim of a cyber attack that began in Ukraine and spread around the world on Tuesday, knocking out thousands of machines, shutting down ports, factories and offices as it hit around 60 countries.

"The virus was slightly different, of a different nature, similar to WannaCry," Kovalchuk said about the second attack . "The effect from it was insignificant, as some computers remained offline."

WannaCry was the name of a global ransomware attack that struck in May.

For more on cyber attacks, watch Fortune's video:

Speaking about Tuesday's computer virus, Kovalchuk said that, according to preliminary data, it was activated during a software upgrade.

Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts.

A growing consensus among security researchers, armed with technical evidence, suggests the main purpose of the attack was to install new malware on computers at government and commercial organizations in Ukraine . Rather than extortion, the goal may be to plant the seeds of future sabotage, experts said.

Go here to read the rest:
Ukraine Power Company Says It Was Hit by a Second Cyber Attack - Fortune

PARIS The cyberattack that has locked up computers around the world while demanding a ransom may not be an extortion attempt after all, but an effort to create havoc in Ukraine, security experts say.

There may be a more nefarious motive behind the attack, Gavin OGorman, an investigator with U.S. antivirus firm Symantec, said in a blog post. Perhaps this attack was never intended to make money, rather to simply disrupt a large number of Ukrainian organizations.

The rogue program landed its heaviest blows on the Eastern European nation, where the government, dozens of banks and other institutions were sent reeling. It disabled computers at government agencies, energy companies, cash machines, supermarkets, railways and communications providers. Many of these organizations had recovered by Thursday.

The program, known by a variety of names, including NotPetya, initially appeared to be ransomware, a type of malicious software that encrypts its victims data and holds it hostage until a payment is made, usually in bitcoins, the hard-to-trace digital currency often used by criminals.

But OGorman and several other researchers said the culprits would have been hard-pressed to make money off the scheme. They appear to have relied on a single email address that was blocked almost immediately and a single bitcoin account that has collected the relatively puny sum of $10,000.

Others, such as Russian anti-virus firm Kaspersky Lab, said clues in the code suggest the programs authors would have been incapable of decrypting the data, further indicating the ransom demands may have been a smoke screen.

The timing was intriguing too: The attack came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating the new Ukrainian constitution signed after the breakup of the Soviet Union.

Tensions have been running high between Russia and Ukraine, with Moscow seizing Crimea in 2014 and pro-Russian separatists fighting government forces for control of eastern Ukraine.

Russia has long been suspected of engineering earlier cyberattacks against Ukraine, including the hack of its voting system ahead of 2014 national elections and an assault that knocked its power grid offline in 2015.

Ransomware or not, computer specialists worldwide were still wrestling with its consequences, with varying degrees of success.

Danish shipping giant A.P. Moller-Maersk, one of the global companies hit hardest, said Thursday that most of its terminals are running again, though some are operating in a limited way or more slowly than usual.

Problems have been reported across the shippers global business, from Mobile, Alabama, to Mumbai in India. At Mumbias Jawaharlal Nehru Port, hundreds of containers could be seen piled up.

See the article here:
Russia may have directed cyberattack against Ukraine - The Recorder

The cyber attack that crippled computer systems in Ukraine and other countries this week employed a ruse the appearance of being ransomware that seems designed to deflect attention from the attackers true identity, security researchers said.

And many companies initially fell for it.

The first reports out of cybersecurity firms on Monday, when news of the attack hit, was that a new variant of WannaCry, a virus that encrypted data and demanded a ransom to restore it, was on the loose.

In fact, a number of researchers said this week, the malware which researchers are calling NotPetya does not encrypt data, but wipes its victims computers. If the data is not backed up, its lost, they said.

It definitely wasnt ransomware and wasnt financially motivated, said Jake Williams, founder of Rendition Infosec, a cybersecurity firm, which has analyzed the virus. The goal was to cause disruption in computer networks.

Moreover, the email address to make a payment to retrieve data is no longer accessible, said Matt Suiche, a hacker and founder of Comae Technologies, a cybersecurity firm.

He said in a blog post this week that the ransomware feint was probably a way to make people think some mysterious hacker group was behind the attack rather than a nation state.

The fact of pretending to be a ransomware while being in fact a nation-state attack ... is in our opinion a very subtle way for the attacker to control the narrative of the attack, Suiche said.

Security researchers cautioned that it is too early to know for sure who is behind it. But some say that the targeting and distribution method of the malware point to Russia.

More than half the victimized computers were in Ukraine, including banks, energy firms and an airport.

Russia, which has annexed Crimea and has backed separatists in eastern Ukraine, has carried out an aggressive campaign of cyberattacks and harassment there.

In December, Russian government hackers disrupted the power grid in Kiev. A year earlier, they knocked out power in western Ukraine.

In this case, to get into victims computers, attackers infected a financial software program in Ukraine, called MEDoc, that delivers software updates to businesses through the Internet.

Thats called a watering hole attack, which targets users who navigate to the site for updates or to browse. It is also a tactic that Russian government hackers have used in the past to compromise industrial control system networks, Williams noted.

MEDoc is one of only two software options Ukrainian businesses have to pay their taxes, noted Lesley Carhart, an information security expert.

This was a clever choice for several reasons, she noted in a blog post, including that the distribution base within the country was extremely comprehensive as many companies used the software.

NotPetya did not spread across the open Internet, she said in an email. Its tactic was to compromise a few computers inside a network once the hacker got in, say, by delivering the malware through MEDoc. Then it could rapidly spread to other computers in the same network using a variety of other methods.

While most patient zero computers were in Ukraine ... the corporate networks those computers [connect to] could potentially span the globe, and infection could also spread to any customers, partners, or vendors with whom they had unrestricted network connections and shared accounts, she said.

That might explain how U.S. pharmaceutical giant Merck, the Danish shipping firm Maerskeven and the Russian oil company Rosneft became infected.

The Rosneft infection might be an unintended consequence collateral damage, Williams said.

Valentyn Petrov, head of the information security service at Ukraines National Security and Defense Council, said that the attacks timing, on the eve of Ukraines Constitution Day, indicated this was a political attack.

We are in an interesting test phase in which Russia is using modern cyberweapons, Petrov said, and everyone is interested to see how it is working and how threats can be countered.

David Filipov in Moscow contributed to this report.

Visit link:
Ukraine's ransomware attack was a ruse to hide culprit's identity, researchers say - Washington Post

News & Observer

Ports recover, but Ukraine still disrupted by cyberattack News & Observer In a statement posted to its website , A.P. Maersk-Moller said Friday it is "pleased to report that our operations are now running close to normal again." But back in Ukraine, the pain continues. Officials have assured the public that the malware ... and more »

Read more from the original source:
Ports recover, but Ukraine still disrupted by cyberattack - News & Observer

BBC News

Eurovision: Ukraine facing fine over Russia row BBC News Eurovision Song Contest bosses are fining Ukraine over its organisation of this year's competition in Kiev. The European Broadcasting Union (EBU) said Ukraine's state broadcaster UA:PBC should pay a "substantial" fine because of "severe delays which ... Ukraine faces big fine after Russia Eurovision rowReuters Ukraine faces Eurovision finePOLITICO.eu Eurovision Song Contest: Ukraine face MASSIVE fines for 'endangering' show over Russia rowExpress.co.uk RT -esctoday.com all 15 news articles »

Read the original:
Eurovision: Ukraine facing fine over Russia row - BBC News