The Petya virus, which was blamed for disrupting systems in 2016, has apparently returned to hit a number of targets across Europe, with Ukraine being the hardest hit.

Dispatchers are seen inside control room of Ukraine's national power company Ukrenergo in Kiev.
Dispatchers are seen inside control room of Ukraine's national power company Ukrenergo in Kiev.

Ransomware known as Petya seems to have re-emerged to affect computer systems across Europe, causing issues primarily in Ukraine, Russia, England and India, a Swiss government information technology agency said on Tuesday.

"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said in an e-mail.

TRT World spoke to Sarah Firth, who explained the impact of the cyberattack.

Ukraine thus far seems to be the hardest hit. Ukrainian Deputy Prime Minister Pavlo Rozenko said on Tuesday that the government's computer network was down, and posted a picture on Twitter of a computer screen showing an error message.

Ukrainian institutions were hit by a wave of cyber attacks earlier in the day, including banks, the state energy distributor and Kiev's main airport.

"We also have a network 'down'," Rozenko said on Facebook. "This image is being displayed by all computers of the government," he said.

Та-дам! Якщо що, то у нас теж мережа "лягла", по ходу! Таку картинку показують всі компи КМУ )))

Posted by on Tuesday, June 27, 2017

There's very little information about who might be behind the disruption, but technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made.

Ukraine under attack

Flight operator Boryspil said Kiev's main airport was hit by a "spam attack" that could cause some flights to be delayed.

"In connection with the irregular situation, some flight delays are possible," Director Yevhen Dykhne said in a post on Facebook.

Earlier, Ukrainian national power distributor Ukrenergo said that its IT system had been hit by a cyberattack on Tuesday, but the disruption had no impact on power supplies or its broader operations.

"There is no effect on power supplies," a Ukrenergo spokesman said.

The country's central bank also said that a number of Ukrainian commercial banks and state and private firms had been hit by cyber-attacks via an "unknown virus."

"As a result of these cyber-attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement that did not name any of the lenders affected.

"The central bank is confident that the banking infrastructure's defence against cyber-fraud is properly set up and attempted cyberattacks on banks' IT systems will be neutralised," it said.

Ukrenergo said that the disruption had no impact on power supplies or its broader operations. (Reuters)
Ukrenergo said that the disruption had no impact on power supplies or its broader operations. (Reuters)

Widespread disruption across Europe

Hackers caused widespread disruption across Europe, hitting Britain, Netherlands, Russia, Denmark and Norway as well.

Seventeen shipping container terminals run by APM Terminals have been hacked, including two in Rotterdam and 15 in other parts of the world, Dutch broadcaster RTV Rijnmond reported.

The RTV report said computers were infected by ransomware that encrypted their hard drives.

The broadcaster published an image of the screen of an affected machine with a message demanding a $300 payment.

Britain's WPP, the world's biggest advertising agency, said that it had been hit by a cyberattack, one of many major corporations to face major disruption.

A spokesman confirmed it had been affected without giving any further details. The company's website was not available.

Meanwhile, Russia's Rosneft energy company also reported falling victim to hacking, as did Russian steelmaker Evraz, which said that its information systems had been hit by a cyberattack.

Copenhagen-based shipping company A P Moller-Maersk also reported an attack, saying every branch of its business was affected.

"We are talking about a cyberattack," said Anders Rosendahl, a company spokesman said. "It has affected all branches of our business, at home and abroad."

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the US National Security Agency and recently leaked to the web.

Chain of cyberattacks in Ukraine

In May this year, Ukrainian President Petro Poroshenko's official website was hit by an "organised" cyberattack allegedly from Russia.

In February 2017, Ukraine accused Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes.

In January 2016, Ukraine also alleged that a cyberattack on its power grid was carried out by Russia.

Prykarpattyaoblenergo, a power provider based in western Ukraine, blame failures in its grid on December 23, 2015 on "interference."

Russia neither denied nor accepted that accusation.

Again in January, Germany accused Russia of targeting international peace monitors in Ukraine.

Russia often rejects such allegations.

Source: TRTWorld and agencies