
Rosneft hackers. Petya in Rosneft: the oil company complained about a powerful hacker attack

The press service of Group-IB, a company that investigates cybercrime, told RBC that a hacker attack on a number of companies using the Petya encryption virus is “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins to unlock them.

“The attack took place around 2:00 pm. Judging by the photos, this is the Petya cryptolocker. The distribution method in the local network is similar to that of the WannaCry virus,” the Group-IB press service said.

At the same time, an employee of one of Rosneft's subsidiaries, which is engaged in offshore projects, says that computers were not turned off and that screens with red text appeared, but not for all employees. Nevertheless, the company collapsed and work was stopped. The sources also note that all electricity was completely turned off at the Bashneft office in Ufa.

As of 15:40 Moscow time, the official websites of Rosneft and Bashneft are unavailable. The lack of a response can be confirmed with server status checking services. The site of Rosneft's largest subsidiary, Yuganskneftegaz, is also not working.

The company later wrote on its Twitter account that the hacker attack could have led to "serious consequences." Despite this, production processes, oil production and oil treatment were not stopped because of the switch to a backup control system, the company explained.

The Arbitration Court of Bashkiria has just completed a hearing at which it considered the claim of Rosneft and Bashneft, which Rosneft controls, against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles, which, according to the oil company, is the loss Bashneft suffered as a result of the reorganization in 2014.

The representative of AFK Sistema asked the court to postpone the next hearing for a month so that the parties could familiarize themselves with all the petitions. The judge scheduled the next hearing in two weeks, on July 12, noting that AFK has many representatives and that they will cope within this period.

As for oil refineries, especially those of Bashneft, the degree of automation there is very high, and a hacker attack can indeed, under certain conditions, bring trouble. Considering that Bashneft has lately passed from hand to hand twice, apparently the degree of protection there is not too high now. As for the other divisions of Rosneft, the production divisions, of course, got some trouble because of this hacker attack, but here the situation is such that the degree of automation is not yet too high. In this situation, server crashes are not very pleasant, but they have almost no effect on the technological process. I would say in the words of a famous hero from an ancient cartoon: "It's even good that we are still feeling bad." Because at the moment the hacker attack did not bring much harm, but it showed very clearly that this direction, I mean the protection of networks, is very important. And this importance will certainly progress, and in situations where we, that is, Russia, find ourselves in some kind of crisis, this can turn out to be very critical. Therefore, for Rosneft, this can be seen as a very timely and useful test.

It is very difficult to say who is behind the hacker attack. By the nature of my work, I encounter quite a lot of hackers, and I can tell you that half of hackers are unpredictable people, and it makes no sense to look for any serious reasons for their attacks, because it's all connected with what people call "The roof has gone." As for the other half, indeed, this direction of activity is becoming ever larger every year, and the legislation will have to think about this topic, be more prescribed and cruel than it is now. But, as I understand it, a serious professional manager who occupies the highest levels in some company of a close profile should understand that this kind of attack does not make any sense. The only point could be that the company pays more attention to data protection in the future. Here it is necessary to take into account the psychology of managers. Still, the top management in our oil companies is very far from IT technologies, and the degree of their motivation to engage in this or that type of protection could be reduced. Again, I think this attack was rather useful.

We do not share our assumptions, it is not ethical. This is the task of law enforcement agencies - to establish, so our assumptions are of no interest to anyone. Rosneft and its subsidiaries are operating normally, we have switched to a backup system. Thanks to this, damage that could have been very serious was avoided. Production divisions, production, preparation and processing of oil - everything is working normally, there were no failures.

The rampant hysteria of the general public regarding "hacker attacks" is very amusing. Either Russia allegedly influenced the US elections, or WannaCry haunts everyone. Now, someone has “dishonored” Rosneft. Stop looking for depth where there is none. You will be surprised, but schoolchildren of the 80th level, who have been “rubbed” on the corresponding forums for a year or two, are capable of all this. An average person based on the same ZeuS on specialized sites will cost at least $10,000. For 50,000 there will already be a very decent extortionist on a self-written engine. On the same sites, you can easily find performers who will drive traffic to your, for example, phishing land (if you “promote” like that) or those who competently spam the new virgin database of addresses of the country you are interested in. If the schoolchildren are hardened and know exactly what they want, they take into the team several people who “diall” the file by phone, posing as contractors or employees of the attacked organization, if we are talking about targeted attacks. If schoolchildren are smart, in addition to all this, they bribe a person or two in the attacked organization, and then the chances increase significantly. This is not difficult to do.

Thought can be developed and developed. It's not about the technical part, which today, if desired, is available to absolutely everyone. The fact is that people on the ground are too relaxed and do not expect that they can be attacked. The success of any attack is always the stupidity of the person on the other end.

Stupidity and greed. Behind today's attack on Rosneft and everyone else, including the government of Ukraine, is nothing but stupidity and greed.
The stupidity of low-level clerks who:

  • disable antivirus because "I want to click and it won't let me"
  • do not even update licensed Windows, because "I have to work, not wait for updates" and "How is it not to turn off the computer at night? What if someone climbs to look at my browser history?"
  • sabotage any attempt to migrate offices to Linux because: "I have already unlearned my own, there is nothing for me to learn how to use new programs".

And the greed of top-level employees, because of which unlicensed Windows was installed in the offices en masse. Because these crooks talk like this: "fuck it, we spent millions of dollars on computers alone, and you want us to spend, per workplace, in addition to 500 bucks for hardware, another 500 bucks for Windows + MS Office, or, moreover, 700 bucks for retraining staff on Linux? Ah, Linux also requires the expansion of the staff of administrators? - No, go to work! I'm sure if you work right, no virus will get through. Moreover, we pay you such money. And in general, when I was selling computers during perestroika, no one bought any software, and everything worked!"

These two factors, and only they, led to all these post-Soviet "effective managers" getting caught out so well. And it serves them right!

Rosneft complained about a powerful hacker attack on its servers. The company announced this on its Twitter account. “A powerful hacker attack was carried out on the company's servers. We hope that this has nothing to do with the current judicial procedures,” the message says.

“The company has turned to law enforcement agencies over the cyber attack,” the message says. The company emphasized that a hacker attack could lead to serious consequences; however, “due to the fact that the company switched to a backup system for managing production processes, neither the extraction nor the preparation of oil has been stopped.” A source of the Vedomosti newspaper, close to one of the company's structures, indicates that all computers in the Bashneft refinery, Bashneft-Dobycha and Bashneft management "rebooted at once, after which they downloaded an unidentified software and displayed the splash screen of the WannaCry virus."

On the screen, users were asked to transfer $300 in bitcoins to the specified address, after which users would supposedly be sent a key to unlock computers by e-mail. The virus, judging by the description, encrypted all data on user computers.

Group-IB, which focuses on preventing and investigating cybercrime and fraud, has identified the virus that hit the oil company, the company told Forbes. It is the Petya encryption virus, which attacked not only Rosneft. Group-IB specialists found out that about 80 companies in Russia and Ukraine were attacked: the networks of Bashneft, Rosneft, the Ukrainian companies Zaporozhyeoblenergo, Dneproenergo and the Dnieper electric power system, Mondelēz International, Oschadbank, Mars, "New Mail", Nivea, TESA and others. The Kyiv metro was also subjected to a hacker attack. Ukrainian government computers, Auchan stores, Ukrainian operators (Kyivstar, LifeCell, UkrTeleCom) and PrivatBank were attacked. Boryspil Airport is also believed to have been hacked.

The virus spreads either in the same way as WannaCry or through a mailing: company employees opened malicious attachments in e-mail messages. As a result, the victim's computer was blocked and the MFT (NTFS file table) was securely encrypted, a Group-IB representative explains. At the same time, the name of the encryptor program is not indicated on the lock screen, which complicates the process of responding to the situation. It is also worth noting that Petya uses a strong encryption algorithm and there is no way to create a decryption tool. The ransomware demands $300 in bitcoins. The victims have already begun to transfer money to the attackers' wallet.

Group-IB specialists found that a recently modified version of the Petya ransomware - "PetrWrap" was used by the Cobalt group to hide traces of a targeted attack on financial institutions. The criminal group Cobalt is known for having successfully attacked banks around the world - Russia, Great Britain, the Netherlands, Spain, Romania, Belarus, Poland, Estonia, Bulgaria, Georgia, Moldova, Kyrgyzstan, Armenia, Taiwan and Malaysia. This structure specializes in contactless (logical) attacks on ATMs. In addition to ATM management systems, cybercriminals are trying to gain access to interbank transfer systems (SWIFT), payment gateways and card processing.
