Merck hit by cyberattack


Several multinational companies said they were targeted, including USA pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and the French industrial group Saint-Gobain.

Yevhen Dykhne, director of the Ukrainian capital's Boryspil Airport, said it had been hit. "IT systems in several WPP companies have been affected", the company said in emailed statement. And while the target primarily appears to be European countries, the ransomware is also reported to be making inroads in countries like India.

The Russian oil giant Rosneft and a subsidiary, Bashneft, were also hit, as was the British advertising and marketing multinational WPP.

Merck, an American pharmaceutical company, tweeted that its computer network "was part of the global hack".

Russia's central bank said there were isolated cases of lenders' IT systems being infected.

SAINT GOBAIN: The French construction materials company Saint Gobain said it had been a victim of a cyberattack.

Ukrainian Prime Minister Volodymyr Groysman said the potential ransomware campaign affecting his country is "unprecedented", but "vital systems haven't been affected".

METRO: The German retailer said its wholesale stores in the Ukraine had been hit by a cyberattack.

Russian oil giant Rosneft and steel manufacturer Evraz followed, reporting they were affected by the virus.

Zhora said the current ransomware, which propagates across networks, demands $300 in Bitcoin.

"Last month was just the EternalBlue", he said.

"The self-spreading "WannaCry" internet worm, which ripped through 160,000 computers and crippled hospitals and other businesses, is now being linked to a North Korean cyber gang", reports Kevin Poulsen at Daily Beast. Under attack are the state and corporate sector: "post offices, banks, transport infrastructure, the main office of the railway station, and other facilities".

Ukraine's central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.

The Last Jedi BTS Images
The forthcoming film in the Star Wars saga is one of the most anticipated movies of the year. Information leaks are few and far between, and trailers are even scarcer.

A cyberattack was also reported by the Kyivenergopower company in the capital.

"But that doesn't mean that we won't be", he told ABC radio on Wednesday.

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.

He added: "Looking through some of the forensic data, it is actually leveraging the same vulnerability as WannaCry to spread the violence".

A Moscow-based cyber security firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting Russian Federation and Ukraine. "It has affected all branches of our business, at home and overseas".

Russian oil producer Rosneft and Danish shipping company Maersk also say they face disruption, including the latter's offices in the United Kingdom and Ireland.

Officials said the Kenilworth, New Jersey-based company was investigating the incident but provided no further details.

Hackers launched blistering attacks Tuesday against companies and agencies across the world. The company's website was not available.

In a message sent using its verified Twitter account, Merck confirmed Tuesday that its computer network was "compromised" as part of a global attack.

Attacks were also reported by the power company in Kiev, Kyivenergo.

The BSI agency did not name the companies affected, although German postal and logistics company Deutsche Post earlier said its systems in Ukraine had been affected. Petya reportedly shares some of WannaCry's traits - but while computers that had gotten a security patch were safe from WannaCry, Petya can also infect patched machines.

We asked Bitdefender how the ransomware is spreading, and the company confirmed that it has a wormable component - ie: EternalBlue or a varient of it.

"A massive ransomware campaign is now unfolding worldwide", said Romanian cybersecurity company Bitdefender, where analyst Bogdan Botezatu said that it appeared to be almost identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months.