Cyber-attack sweeps the globe

Companies worldwide are reporting that they have been hit by a major ransomware cyber-attack (Petya). The virus freezes the user’s computer and demands a ransom be paid in the digital Bitcoin currency.

Initial Source

Commenting on the attack, Gunnar Ugland, Head of Telenor Security Operations Center, said:

“The initial source for the malware is reported to have been a compromised update for a Ukrainian tax-software. The update was released on 22 June, so if this is proven correct the malicious software lay dormant for five days until activated the night before the Ukrainian Constitution Day on 28 June. The Ukrainian Cyberpolice is now working with the software company for analysis and forensics to determine the facts.”


Gunnar Ugland, Head of Telenor Security Operations Center at Telenor Norway

Reports state that the virus crippled computers running Microsoft’s Windows by encrypting hard drives and overwriting files, before demanding USD 300 in bitcoin payments to restore access.

The cyber extortion campaign, which began on Tuesday 27 June, emphasised mounting concerns that businesses have failed and are failing to secure their networks from increasingly aggressive hackers capable of shutting down critical infrastructure and paralyzing corporate and government networks. “While neither Telenor nor our customers have been affected,” comments Ugland, “we monitor events like this very closely. These attacks are tangible proof of the existing threats. We will continue to put security at the forefront of our business.”

“Never any guarantee”

More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

There is, though, according to Ugland, “never any guarantee that you will get a decryption key after paying.” He adds that “In this case it’s even less of a chance as the email address the attackers are using has been blocked. Also, code analysis of the malware seems to indicate that the key needed to decrypt the files are actually just a random string, if this is correct the malware was actually designed to be destructive without the possibility to recover the files.”

Make sure to update anti-virus systems

“As a general precaution we advise everyone to update their operating systems, anti-virus and to be extra cautious with regards to opening e-mail links and attachments.”

While businesses will continue to focus on preventing such attacks, individuals will remain vulnerable. According to Ugland, there are steps that can be taken to mitigate the risk to personal computers and devices. “As a general precaution we advise everyone to update their operating systems, anti-virus and to be extra cautious with regards to opening e-mail links and attachments.”

Connect with the Security Operation Centre on Facebook