News

14 September 2017
A Terrifying Hacker and Equally Terrifying Possibilities

When the ransomware virus “Petya” swarmed over thousands of PCs, no one expected that it would affect even some of the most protected machines in the world. However, a report came through about a data-gathering virus hitting computers at the Chernobyl power plant. Some of them were still in the process of decommissioning.

The virus is a relentless piece of malicious software that terrorized not only personal computers in Ukraine, but also a variety of well-protected government computers. The virus managed to mess up power grids, banking, administrative processes, and many other government functions.

The virus demanded a payment of $300 and promised to decrypt the corrupted files in return. Luckily for all of us, the computer at the power plant was not controlling anything and was off the control grid. While employees had to switch to manual controls, the danger was minimal.

The Chernobyl power plant is not the sole victim of the virus. The huge Russian corporation Rosneft also reported that some of its computers were affected by the virus. This cyber-attack was truly dangerous and large in scope.

While IT specialists managed to revert some of the damage and saved the vast majority of data, the possibilities are quite frightening. There are breaches in the cyber defense of modern NPPs that can be exploited, and that is terrifying.

All companies and governmental institutions reported that the data was protected and nothing leaked. However, the very existence of such an incident is reason enough to question whether our defense against hackers is robust enough.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government's headquarters has been shut down.

Meanwhile British advertising agency WPP said a number of its computers had been affected, and its website appeared to be down as it made the announcement.

US pharmaceutical company Merck, law firm DLA Piper, Netherlands-based shipping company TNT and Spanish food giant Mondelez - whose brands include Oreo and Toblerone - have also been compromised as part of the global hack.

There is very little information about who might be behind the disruption.

However, technology experts who examined screenshots circulating on social media said it bears the hallmarks of ransomware - the name given to programs that hold data hostage by scrambling it until a payment is made.

It appears to be spreading using the EternalBlue vulnerability in Microsoft Windows - the same vulnerability used to spread the WannaCry ransomware, which crippled the UK's National Health Service and thousands of businesses worldwide last month.

"The Petya attack looks very similar in its dynamics and techniques to the WannaCry ransomware that caused large disruption just a few weeks ago," said Marco Cova, senior security researcher at Lastline.

"In particular, like WannaCry, it seems to rely on the EternalBlue exploit to automatically spread from one machine to another.

"If it is confirmed that the EternalBlue is the only spreading mechanism, there will be inevitable questions about how organisations could still fall to this attack after all the publicity and support tools that were produced as part of the WannaCry response."

WannaCry spread rapidly using digital break-in tools originally created by the US National Security Agency (NSA), which recently leaked to the web.

Within a day of being released, it had infected more than 230,000 computers in over 150 countries.

"Last month's WannaCry attack was largely reported as the world’s largest ransomware attack, but this latest attack indicates that, only a month on, it’s possible that the trend is only set to grow," said Dr Malcolm Murphy, technology director for Western Europe at security firm Infoblox.[1]

"While ransomware has traditionally posed a threat to consumers and their personal data, attacks such as this demonstrate that the risk to national infrastructure is far greater."

"With power grids and transport hubs at the risk of being shut down, the extent to which attacks such as these can pose a risk to national safety is abundantly clear."

[1] Materials from the site http://www.mirror.co.uk/tech/chernobyl-nuclear-power-plant-hit-10697960 were used in the preparation of this article.