Kyiv Boryspil Airport and TNT Affected by "NotPetya" Cyber Attack


The “Petya” cyber attack locks Windows users out of their computer, supposedly until they pay for a key. All Windows computers across Ukraine have been affected by the virus. In a matter of hours, the ransomware had spread worldwide.

image

“It’s believed the latest attack might be a ransomware virus called Petya and hidden in an innocuous document sent through email. It freezes a user’s computer until a “ransom” is paid in virtual currency bitcoin. It spreads apparently by having a ‘bad’ instruction — like a small piece of computer code — hidden inside a Word or PDF document. This bad instruction attacks a Windows operating system basically taking over a computer — in this case it seizes the files and encrypts them and then the bad guys ask for money to decrypt — this means you cannot open or read your own files. It’s also been suggested to have used the same tactics as the Wannacry attack last month.” - ABC

The ransomware has been confirmed to have originated in Ukraine. It started spreading on 18 June (or earlier) as an update for a popular M.E.Doc accounting software package.

“In connection with the irregular situation, some flight delays are possible,” Boryspil Airport director Yevhen Dykhne wrote in a Facebook post. Some of the airport’s departures were delayed by over 2 hours due to the attack according to this flight board: http://www.flightstats.com/go/FlightStatus/flightStatusByAirport.do?airport=KBP.

International courier company TNT said it was assessing whether the same attack was responsible for “interference” in its IT system.

“Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network,” it said in a statement.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network had gone down and posted a picture on Twitter of a computer screen with an error message.

I’m not too sure this meme was a good reaction to the attack… (click below)

Updates for Boryspil Airport and TNT:


All users affected by the attack are warned not to turn on their computers. Companies affected include:

  • Merck
  • Rosneft
  • TNT Express
  • Maersk
  • Mondelez (and Cadbury)
  • DLA Piper
  • Heritage Valley Health System
  • WPP
  • And others (this list is growing unfortunately)

image
Heat map of computers affected by Petya, detected by McAfee software (map may be inaccurate - results also depend on the amount of users of McAfee software in each country)

Full Petya run down:

Oh no! That’s horrible!!! (That’s why you go with apple 😁)

Actually Windows isn’t so bad, considering it’s running on over 90% of computers worldwide. The reality is Macs are as prone to viruses as Windows machines. Usually viruses attack a particular operating system, and in this case (with more Windows users around the world) the hacker can gain more cash. I know, it’s really bad of them to do such a thing, but it’s the harsh reality. And of course, as you say, Windows can’t survive without anti-virus and anti-malware. They have upped the security in Windows 10 though (example of Windows Defender below).

Microsoft published this: https://www.microsoft.com/en-us/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Ransom:Win32/Petya
And immediately deployed a patch to all Windows machines through Windows Defender. Now it’s up to the users to install the patch.

3 Likes

By users affected do you mean big companies?

The companies, and individuals. The companies affected are well covered by the media to dramatise the whole situation. People all around the world are getting this virus through pdfs and word documents via unknown emails. The source of the emails and the Bitcoin account(s) involved leads detectives nowhere unfortunately. I’m not totally sure about the whole situation since I’m not affected, though. Example of the email, from the Microsoft website as linked above:
image
I’m not sure why all the computers in these companies are affected by the virus since not everyone would have opened the attached documents in the email.

Apple computers are actually more secure and viruses I’m pretty sure have to be really adapted for it. This virus was developed by thre NSA so it’s pretty much going to be able to do things like this across the world. I think it’s due to them using windows XP.

1 Like

That’s why I said this. Yes, it’s not totally secure.

So this is pretty much like the wannacry ransomware but way worse…

1 Like

And as we see, Russia is clearly causing this (Or so I think)

1 Like

Is the USA in danger of the virus?

1 Like

Windows is actually affected quite severely. Including myself. I turned my computer on today to find my whole PC wiped. MS support couldn’t do anything to fix, and they didn’t comment on the cause.

Apparently my issue isn’t similar to the above. I do though think there is some sort of connection. Maybe spread through a network.

2 Likes

It’s most likely a virus that is spread via the network the computers were connected to, or something similar like that.

1 Like

Yes computers across the world have been affected by the virus

1 Like

That’s terrible. So now everyone is going to get it 😬

It is thought to have originated from Ukraine considering the amount of computers affected in the country.
#UPDATE: The attack originated in Ukraine. It started spreading on 18 June (or earlier) as an update for a popular M.E.Doc accounting software package.
It looks like the company was looking for more money than they deserve 🤔😡

2 Likes

Not necessarily. I had my firewall off for something I was doing the night before. Plus, I’m the only one in that uses windows in the house.

1 Like

Well that’s not good to wake up to. I read on a website that the virus could be removed by typing a command prompt.
Found this: http://www.2-spyware.com/remove-petya-virus.html

It’s fine. I had a backup on an external drive, but i would’ve liked to have solved it then and there on support. Thanks though.

1 Like

Does the ransomware actually remove all your files though? Are you able to access your computer normally now?

I made an edit to the post :)


Yes, I’m in the process of restoring it! :)

1 Like