Global cyber attack hits IT systems in the UK and Ireland
A massive global cyber attack which started in Ukraine has also affected companies in the UK and Ireland.
Shipping group Maersk said that its computer systems failed across multiple regions, including Ireland and the UK.
"We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack", the Danish group said via Twitter.
"We continue to assess the situation. The safety of our employees, our operations and customers' business is our top priority."
The world's biggest advertising firm, WPP, which has offices in Belfast and Dublin, food company Mondelez, and pharmaceutical giant Merck are also affected.
Ukranian deputy prime minister Pavlo Rozenko posted a pictured of a darkened computer screen on Twitter, saying the computer system at the government's headquarters had been shut down.
Across the world, the cyber attack has taken out servers and PCs, hitting Eastern Europe worst. Russia’s biggest oil company has been affected, as well as operations at Ukrainian airports, banks and power utilities.
Cyber security experts said those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack that infected hundreds of thousands of computers in May before a British researcher created a kill-switch.
“It’s like WannaCry all over again,” said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
However, security experts here say the infection has not yet spread into public sector bodies such as hospitals or schools, as the previous ‘WannaCry’ ransomware attack did.
“In Ireland, it seems mainly to have affected networks of global organisations,” said Conor Flynn, managing director of Information Security Assurance Services. “To my knowledge, it hasn’t yet gotten into government departments or other public organisations.”
Mr Flynn said companies which patched their systems during the WannaCry ransomware outbreak in April and May were in a strong position to fend off any attack from the new malware.
However, victims of the new attack were quick to post photos of their infected PC screens.
“If you see this text, then your files are no longer accessible, because they have been encrypted,” read the text on one such infected screen from Ukrainian media firm Channel 24. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
The same message appeared on computers at Maersk offices in Rotterdam and at businesses affected in Norway.
Other companies that said they had been hit by a cyber attack included Russian oil producer Rosneft, French construction materials firm Saint Gobain.
Mr Flynn said the malware can be released through infected emails.
“Sometimes the email will claim to be a CV for a job ad,” he said. “If opened, it can get a foothold on your machine and then tries to spread to other machines.”
Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of hacking tool exploited by WannaCry, and to identify ways to stop the onslaught.
Experts said the latest ransomware attacks, dubbed GoldenEye, were a variant of an existing ransomware family called Petya. It uses two layers of encryption which have frustrated efforts by researchers to break the code, according to Romanian security firm Bitdefender. “There is no workaround to help victims retrieve the decryption keys from the computer,” the company said.
Last’s month’s fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher created a so-called kill-switch. Any organisation that heeded warnings from Microsoft Corp to install a security patch appears to be protected against the latest attacks.