A number of Israeli companies are said to have been been hit as part of a global wave of cyberattacks that began in Russia and Ukraine on Tuesday, wreaking havoc on government and corporate computer systems, as it spread around the world.
Several multinational companies said they were targeted, including US pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP, and the French industrial group Saint-Gobain. Three Israeli companies were also included, according to Hebrew media reports.
Some IT experts identified the virus as “Petrwrap,” a modified version of the Petya ransomware that hit last year and demanded money from victims in exchange for the return of their data. But global cybersecurity firm Kaspersky Lab said: “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before.” Making the point, Kaspersky has named it “NotPetya.”
The company said its data points to some 2,000 attacked users so far, with organizations in Russia and the Ukraine the most affected.
“We have also registered hits in Poland, Italy, the UK, Germany, France, the US and several other countries,” the Russian firm said in a statement, adding that the current attack is a complex one.
Ido Naor, Kaspersky’s senior security researcher in Israel, told the Ynet news website that the attack had also targeted some firms in Israel, without disclosing additional details.
The firm advised all companies to update their Windows software, to check their security solutions and ensure they have back up and ransomware detection in place, the statement said.
The cyberattack came as global cybersecurity leaders have convened in Tel Aviv this week to discuss the future of cybersecurity threats at an international conference.
The first reports of trouble came from Ukrainian banks, Kiev’s main airport and Rosneft, in a major incident reminiscent of the recent WannaCry virus.
The cyberattack also recalled a ransomware outbreak last month, which hit more than 150 countries, and a total of more than 200,000 victims, with the WannaCry ransomware.
On Monday, Israel’s Shin Bet security agency head Nadav Argaman told the Cyber Week conference in Tel Aviv that it has prevented over 2,000 cyber attacks on the country since the start of 2016.
‘Spreading round the world’
The latest virus is “spreading around the world, a large number of countries are affected,” Costin Raiu, a researcher at the Moscow-based Kaspersky Lab said in a Twitter post.
In the United States, Merck was hit, as was New York law firm of DLA Piper.
“We confirm our company’s computer network was compromised today as part of a global hack. Other organizations have also been affected,” Merck said on Twitter.
We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)
— Merck (@Merck) June 27, 2017
“It seems to be done by professionals criminals, and I think money is the motivation,” said Sean Sullivan, a researcher at the Finnish cybersecurity group F-Secure.
He said that unlike the recent WannaCry attack, this “Petrwrap” attack has sophisticated elements that could make it easier to rapidly infect many more systems.
Ukrainian Prime Minister Volodymyr Groysman wrote on Facebook that the attacks in his country were “unprecedented,” but insisted that “important systems were not affected.”
However, the radiation monitoring system at Ukraine’s Chernobyl nuclear site has been taken offline, after it was targeted in the attack, forcing employees to use hand-held counters to measure levels, officials said Tuesday.
The technological systems were working “as usual” at the plant that exploded in 1986, however.
The attacks started around 2:00 p.m. Moscow time and quickly spread to 80 companies in Ukraine and Russia, said cybersecurity company Group IB.
The companies affected were hit by a type of ransomware that locks users out of the computer and demands purchase of a key to reinstate access, Group IB said.
The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov said.
Ukraine’s central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.
Banks were experiencing “difficulty in servicing customers and performing banking operations,” due to the attacks, the bank said in a statement.
Rosneft said earlier that its servers suffered a “powerful” cyberattack, but thanks to its backup system, “the production and extraction of oil were not stopped.”
The wave of cyberattacks also impacted Maersk, a global cargo shipping company; Saint-Gobain, a French company producing glass and other construction materials; and British-based WPP.
In Amsterdam, the Dutch parcel delivery company TNT, which operates in 200 countries around the world, said its systems had been affected. “We are assessing the situation and are implementing remediation steps as quickly as possible,” the company, part of FedEx, said in a statement.
Signs of sophistication
Experts also said this latest attack could heighten fears that companies may be more vulnerable to cyberattacks than suspected, potentially putting personal data at risk.
“This will undeniably affect trust in these organisations and raise questions of competency,” said Louis Rynsard, a director at the corporate communications agency SBC London.
“The long-lasting impact of a cyberattack cannot be overstated,” he said.
The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.
But even that massive figure looks set to be dwarfed within a few years, experts said, after ransomware attacks crippled computers worldwide in the past week.
Shoshanna Solomon contributed to this report.