International cyber attack due to ‘updated version of known virus’

Companies and governments are being targeted by an updated version of a known virus, Europol said.

Its warning came as an international cyber attack caused disruption for major organisations including advertising firm WPP, European bank BNP Paribas and parts of the Ukrainian government’s computer systems.

Europol, which helps EU member states fight international crime, said the latest attack, the second in as many months, is more sophisticated than one in May that affected the NHS among others. The group is monitoring the spread of the virus.

Europol executive director Rob Wainwright said: “This is another serious ransomware attack with global impact, although the number of victims is not yet known. There are clear similarities with the WannaCry attack, but also indications of a more sophisticated attack capability, intended to exploit a range of vulnerabilities.

“It is a demonstration of how cybercrime evolves.”

While Europol says there are close links to the Petya virus, a type of malware thought to be responsible for the latest hack, global security firm Kaspersky Lab offered an alternative explanation.

Kaspersky Lab said the cyber attack was a new form of malware that shared similarities to the Petya malware but also “possesses entirely different functionality”.

The company said the virus has attacked around 2,000 users so far, with Ukraine and Russia the worst-affected, and users in Poland, Italy, the UK, Germany, France and the US also hit.

In this attack, the virus encrypts computer files then demands payment of 300 dollars (£235) ransom in the online currency bitcoin in exchange for the captured data.

Advertising giant WPP said that a day after the ransomware struck, the company was still trying to restore services that had been disrupted.

In an email, the firm said: “Having taken steps to contain the attack, the priority now is to return to normal operations as soon as possible while protecting our systems.”

A BNP Paribas spokeswoman said: “The necessary measures were taken rapidly to contain this attack.”

She would not comment on whether or not the systems of the company’s real estate arm were still down.

Two hospitals in the US were also affected, as well as pharmaceutical company Merck, and Cadbury owner Mondelez International.

Ukraine seems to be the worst affected by the ransom-demanding virus.

The malware hit on Tuesday, one day before a Ukrainian national holiday marking its independence from the Soviet Union and the creation of the country’s constitution.

Ukrainian deputy prime minister Pavlo Rozenko posted a picture of a darkened computer screen on Twitter, saying the computer system at the government’s headquarters had been shut down.

Russia’s Rosneft energy company also reported being hit, as did shipping company AP Moller-Maersk, which said every branch of its business was affected.