Irish-based firms hit by latest ransomware cyberattack

The attack started in Ukraine and has spread across the world

Irish-based firms hit by latest ransomware cyberattack

File photo

A "powerful" cyberattack that started in Ukraine has spread across the world, hitting banks, government IT systems and energy firms.

At least three multinationals based in Ireland have been hit by the worldwide 'Petya' ransomware attack.

The pharmaceutical company MSD which has operations in Cork, Carlow, Tipperary and Dublin says its network was infected.

Danish shipping giant Maersk confirmed computers at its Dublin office in Blanchardstown were down.

And the ad agency WPP, which has offices in Dublin, also fell foul of the bug.

Companies in at least six other countries were also hit, after Ukraine declared it had been struck by the biggest cyberattack in its history.

Chernobyl's radiation monitoring system is among the most serious digital networks affected. It has since been shut down, leaving employees to "go out and measure the (radiation) levels with hand-held meters".

Ukraine's interior ministry said the hack was a modified version of the Wannacry virus - a type of ransomware that crippled Britain's NHS computer systems in May.

File photo

Costin Raiu, head of global research at Kaspersky Lab, the world's biggest cybersecurity analysis firm, identified the virus as Petrwrap.

The cryptolocker demands US$300 (€264) in bitcoins to let users access their data and does not name the encrypting program, which makes finding a solution difficult.

Mike Murray, lead researcher at security firm Lookout, says: "While the NotPetya ransomware has seriously impacted businesses and infrastructure across the world, it is likely not as widespread of a problem as it would've been a decade ago.

"As the adoption of mobile in the enterprise continues to climb, many users are finding that even if infected by NotPetya, they can still maintain access to their email, calendar, text messages, social media, etc. on their mobile devices.

"Ransomware on mobile is a real threat, and if the NotPetya ransomware were on mobile, most users would be seriously impaired. Without access to a two-factor token to log onto an enterprise network, services like Google Maps and Uber/Lyft, a ransomware outbreak that spread via mobile would cause massive disruption.

"As attacks continue to evolve, a NotPetya-style attack on mobile is not a matter of "if" but "when".

Ukraine origins

Ukraine's security council secretary said an hour after the news broke: "It is possible to talk of Russian fingerprints."

News of the cyberattack emerged when Ukraine announced that its government IT network had been crippled by an "unknown virus".

The hack then spread, attacking several Ukranian banks, its state power grid, postal service and largest telephone firm. Kiev Airport was also hit.

A shopper at the Rost supermarket in Kharkiv took a photo of checkout computers hit by the attack, describing staff members' reaction as "frustration" and customers' as "confusion".

Russian oil giant Rosneft and steel manufacturer Evraz followed, reporting they were affected by the virus.

A spokesperson for international crime agency Europol said: "Europol is aware of multiple reports in the media regarding a developing ransomware attack, we are liaising with cyber units in the member states and key industry partners to establish the full nature of this attack at this time."

The disruptions follow a spate of hacking attempts on Ukrainian state websites in late-2016 and repeated attacks on the country's power grid that prompted security chiefs to call for improved cyber defences.