Petya at Rosneft: the oil company complained of a powerful hacker attack. Rosneft reported a powerful hacker attack on its servers

Rosneft commented on the ransomware attack on the company’s computers.

“A hacker attack could lead to serious consequences; however, due to the fact that the Company switched to a backup production process control system, neither production nor oil preparation has been stopped,” Rosneft reported. “Disseminators of false panic messages will be considered accomplices of the organizers of the hacker attack and will bear responsibility along with them.”

Thus, Bashneft, which is part of the company, also continues to operate as usual.

Let us recall that yesterday, June 27, a global ransomware attack hit the IT systems of companies in several countries around the world, mostly affecting Ukraine. Computers at oil, energy, telecommunications and pharmaceutical companies, as well as government agencies, were affected. The attack began around 13:00 Ufa time.

The method of distribution on the local network is similar to that of the WannaCry virus, RIA Novosti reports.

Yesterday, Rosneft also reported that its servers were subject to a powerful hacker attack, and therefore the company contacted law enforcement agencies. In addition, Evraz information systems were subject to a hacker attack. The Bank of Russia said it had identified hacker attacks aimed at the systems of Russian credit institutions; as a result of these attacks, isolated cases of infection of information infrastructure objects were recorded. At the same time, no disruptions to the operation of banking systems or to the provision of services to clients were recorded.

The head of Bashkiria, Rustem Khamitov, in an interview with the Rossiya 24 TV channel, said that the hacker attack in the republic did not lead to serious consequences.

“We have a normal situation at the enterprises of the republic, everything is working normally,” he said. “Enterprises do not in any way feel the effects of these hacker attacks. Maybe because preventive measures were taken at the Rosneft level.”

Today RIA Novosti talked about how to protect yourself from the virus.

Russian technology investor and IT expert Denis Cherkasov told the agency that one of the most reliable methods of protection against viruses is correct behavior by company employees, namely ignoring suspicious letters and especially requests to follow links.

Otherwise, the virus can grow like a snowball thanks to such “harmless” actions, Cherkasov emphasized.

Therefore, according to him, when thinking through business protection tactics, first of all, it is necessary to conduct training on simple cybersecurity rules for the team.

Secondly, even the most modern protection systems need to be regularly updated so that they do not fall victim to new malware.

Third, system integrity monitoring is needed to detect the spread of the virus in the computer network before it begins its harmful action.

To ensure security, Kaspersky Lab also recommends that its users make sure that the security solution is enabled and uses up-to-date virus databases, that it is connected to the KSN cloud system and that system monitoring (System Watcher) is activated.

As an additional measure, using the AppLocker function, you can prevent the execution of a file called perfc.dat, and also block the launch of the PSExec utility from the Sysinternals package, the company advised.

The press service of Group-IB, which investigates cybercrimes, told RBC that the hacker attack on a number of companies using the Petya encryption virus was “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins in return.

“The attack took place around 2 p.m. Judging by the photographs, this is the Petya cryptolocker. The method of distribution on the local network is similar to the WannaCry virus,” says the message from the Group-IB press service.

At the same time, an employee of one of the Rosneft subsidiaries, which is involved in offshore projects, says that the computers did not turn off, screens with red text appeared, but not for all employees. However, the company is collapsing and work has stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.

At 15:40 Moscow time, the official websites of Rosneft and Bashneft are unavailable. The fact of no response can be confirmed on server status checking resources. The website of Rosneft’s largest subsidiary, Yuganskneftegaz, is also not working.

The company later tweeted that the hack could have led to “serious consequences.” Despite this, production processes, production, and oil preparation were not stopped due to the transition to a backup control system, the company explained.

The Arbitration Court of Bashkortostan has just completed a hearing at which it considered the claim of Rosneft and its controlled Bashneft against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles in losses that, according to the oil company, Bashneft suffered as a result of the reorganization in 2014.

A representative of AFK Sistema asked the court to postpone the next hearing for a month so that the parties have time to familiarize themselves with all the petitions. The judge scheduled the next hearing in two weeks, on July 12, noting that AFK has many representatives and that they will cope within this period.

Rosneft complained of a powerful hacker attack on its servers. The company announced this on its Twitter account. “A powerful hacker attack was carried out on the company’s servers. We hope that this has nothing to do with the current legal proceedings,” the message states.

“The company contacted law enforcement agencies regarding the cyber attack,” the message says. The company emphasized that a hacker attack could lead to serious consequences; however, “thanks to the fact that the company switched to a backup production process control system, neither oil production nor oil preparation was stopped.” An interlocutor of the Vedomosti newspaper, close to one of the company’s structures, indicates that all computers at the Bashneft refinery, Bashneft-Dobyche and the Bashneft management “rebooted at once, after which they downloaded unknown software and displayed the splash screen of the WannaCry virus.”

On the screen, users were asked to transfer $300 in bitcoins to a specified address, after which users would allegedly be sent a key to unlock their computers by e-mail. The virus, judging by the description, encrypted all data on user computers.

Group-IB, which prevents and investigates cybercrimes and fraud, has identified the virus that affected the oil company, the company told Forbes. It is the Petya encryption virus, which attacked not only Rosneft. Group-IB specialists found out that about 80 companies in Russia and Ukraine were attacked: the networks of Bashneft, Rosneft, the Ukrainian companies Zaporozhyeoblenergo, Dneproenergo and the Dnieper Electric Power System, Mondelēz International, Oschadbank, Mars, Nova Poshta, Nivea, TESA and others. The Kyiv metro was also subject to a hacker attack. Ukrainian government computers, Auchan stores, Ukrainian operators (Kyivstar, LifeCell, UkrTeleCom) and PrivatBank were attacked. Boryspil Airport was also allegedly subject to a hacker attack.

The virus spreads either in the same way as WannaCry or through mailings: company employees opened malicious attachments in emails. As a result, the victim’s computer was blocked and the MFT (NTFS file table) was securely encrypted, explains a Group-IB representative. At the same time, the name of the ransomware program is not indicated on the lock screen, which complicates the process of responding to the situation. It is also worth noting that Petya uses a strong encryption algorithm and it is not possible to create a decryption tool. The ransomware demands $300 in bitcoins. The victims have already started transferring money to the attackers’ wallet.

Group-IB specialists found that a recently modified version of the Petya ransomware, “PetrWrap,” was used by the Cobalt group to hide traces of a targeted attack on financial institutions. The Cobalt criminal group is known for successfully attacking banks around the world - Russia, Great Britain, the Netherlands, Spain, Romania, Belarus, Poland, Estonia, Bulgaria, Georgia, Moldova, Kyrgyzstan, Armenia, Taiwan and Malaysia. This structure specializes in contactless (logical) attacks on ATMs. In addition to ATM control systems, cybercriminals are trying to gain access to interbank transfer systems (SWIFT), payment gateways and card processing.

“A powerful hacker attack was carried out on the company’s servers. We hope this has nothing to do with ongoing legal proceedings. In response to the cyber attack, the company contacted law enforcement agencies,” the company said in a statement.

“According to our data, more than 80 companies in Russia and Ukraine were affected as a result of the attack using the Petya.A encryption virus,” said Valery Baulin, head of the Group-IB forensic laboratory.

Hackers attacked oil producers in the Khanty-Mansi Autonomous Okrug. All the largest deposits “came to a standstill” because of the virus that spread this morning on the computers of Rosneft’s subsidiaries. ALL of the company's assets came under attack, including Yuganskneftegaz, Samotlorneftegaz, and Varieganneftegaz. To put it in perspective: right at this second, the production of approximately every third ton of Russian oil is paralyzed.

Today seems to be another Internet doomsday. In addition to Rosneft/Bashneft, other large companies were also attacked. Problems have been reported at Mondelēz International, Oschadbank, Mars, Nova Poshta, Nivea, TESA and others.

The virus has been identified - it is Petya.A