Ukraine is Ground Zero in a New Global Malware Attack

A woman stands at an ATM that doesn't work outside a Ukrainian bank in Donetsk, eastern Ukraine, Tuesday, Nov. 25, 2014.

Balint Szlanko/AP

The quick infection of nearly 300,000 computers worldwide is reportedly due to two software exploits released in April by the hacking group called the Shadow Brokers.

A sweeping set of cyber attacks hit critical services in Ukraine this morning and has so far shown no signs of slowing down. The attacks appear to be related to a new strain of the ransomware known as Petya, which Costin Raiu, director of global research and analysis at Kaspersky Lab, says is already spreading worldwide.

In the space of hours, Ukraine’s government, top energy companies, private and state banks, main airport, and Kyiv’s metro system all reported hits on their systems. The attacker was not immediately clear—Wired, in a recent story, described Russia as using its neighbor as a “test lab for cyber war,” but Moscow denies any part in past attacks. Its own state oil giant Rosneft also reported being hit by a cyberattack today; Rosneft’s website was unresponsive at time of writing. It’s unclear if the attacks are linked. Another Russian oil firm, Bashneft, has been hit too.

Ukraine’s deputy prime minister, Pavlo Rozenko, said government computers had been taken over with the screen below appearing:

So far, it’s unclear whether Petya is using the same tools that made the WannaCry ransomware attack on May 12 so successful. The quick proliferation of that attack, which infected nearly 300,000 computers worldwide within a day, was due entirely to its use of two powerful software exploits that were released to the public in April by an anonymous hacker group calling itself the Shadow Brokers, which said the exploits were developed by the US National Security Agency (NSA). Governments and experts have generally come to the conclusion that the North Korean government was behind the WannaCry attack.

Ukraine’s central bank was tight-lipped about the attack, declining to say which banks had been hit but acknowledging they were “having difficulties with client services and banking operations.” It told Reuters it was confident in its defenses against cyber fraud. Meanwhile, state energy provider Ukrenergo said an attack on its IT system had not affected service.

The deputy director of Kyiv’s Borispol airport wrote on Facebook (link in Russian) that it had come under a “spam attack” and flights might be delayed. At the time of writing, the airport’s website was down. Kyiv’s metro system said its card payment system was down (link in Ukrainian), blaming a hack.

The Ukrainian government’s official Twitter account said there was “no need to panic,” with a GIF suggesting the very opposite:
