LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
NEWSCAST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

'Petya' Cyberattack Hits Ukraine, And Experts Say It's Spreading Globally

A message demanding money is seen on a terminal monitor at a branch of Ukraine's state-owned Oschadbank after Ukrainian institutions were hit by a wave of cyberattacks earlier Tuesday in Kiev, Ukraine.

Updated at 1:21 p.m. ET

Ransomware hit at least six countries Tuesday, including Ukraine, where it was blamed for a large and coordinated attack on key parts of Ukraine's infrastructure, from government agencies and electric grids to stores and banks.

The malware is being called "Petya" — but there is debate in the security community over whether the ransomware is new or a variant that has been enhanced to make it harder to stop.

In either case, experts warn that it could spread globally, raising fears of a widespread attack like the WannaCry outbreak that struck in May.

The Maersk shipping company, based in Denmark, confirmed that its "IT systems are down across multiple sites and business units due to a cyber attack."

In the U.S., Department of Homeland Security spokesman Scott McConnell says the agency is "monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our international and domestic cyber partners."

Any requests for help from DHS are confidential, McConnell says.

Computers hit by the malware display a locked screen that demands a payment to retrieve files. The malware promises to provide a specialized key to users who pay a ransom of $300 in bitcoins — the same ploy used by the WannaCry ransomware, which affected computers in more than 150 countries.

WannaCry was based on exploits stolen from the National Security Agency — including a program called EternalBlue, which exploited a Microsoft vulnerability. Petya reportedly shares some of WannaCry's traits — but while computers that had gotten a security patch were safe from WannaCry, Petya can also infect patched machines.

Mikko Hypponen, chief research officer at F-Secure,‏ says Petya uses other exploits to spread in internal systems. "That's why patched systems can get hit."

Signs that this is a new strain led Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky to say the outbreak comes from a "new ransomware we haven't seen before."

In an update, Kaspersky Labs said the attack has hit thousands of users, in Russia, Ukraine, Poland, Italy, the U.K., Germany, France and the U.S. Kaspersky is an NPR funder, and its software is used on NPR computers.

Ukraine's security experts are working to fix the problem, according to the government portal. Until the issue is resolved, the government said, Ukrainians should simply turn off their computers.

While the malware's most concentrated effects were reported in Ukraine, several companies and at least one utility in Russia were also reportedly affected.

From Moscow, NPR's Lucian Kim reports, "Ukraine has blamed Russia for cyberattacks in the past, a charge Moscow denies. A number of Russian companies, including the state oil giant Rosneft, have also reported suffering cyberattacks today."

The attack struck at 2 p.m. local time, Ukraine's government says. The country's National Bank was among the first to report a problem. In Russia, the malware hit companies such as Mars, Nivea and Mondelez International, according to the Tass news agency.

Anton Gerashchenko, a lawmaker and adviser to Ukraine's interior minister, says he believes that despite its appearance as a ransomware hack, the attack is actually the work of Russian agents waging a type of hybrid warfare to try to destabilize Ukraine.

The malware was delivered in emails that had been created to resemble business correspondence, Gerashchenko said on his Facebook page. He added that the attack took days and likely weeks to stage before being activated.

Copyright 2017 NPR. To see more, visit http://www.npr.org/.

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
96.1 FM K241AR Lawrence (KPR2)
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)
contact@kansaspublicradio.org