Hacker attack at a TNK gas station. Rosneft reported a powerful hacker attack on its servers
The geography of attacks by a new encryption virus that blocks computers and demands ransom continues to expand. Networks in Europe, Asia, and America are infected. The world's transport and energy giants were not immune. Experts, meanwhile, are wondering who launched the malicious protocol and why. Several cybersecurity experts immediately said that the virus spread around the world with an update to a regular accounting program created by Ukrainian programmers. This partly explains why the Internet epidemic has reached such alarming proportions in Ukraine.
We've arrived. Drivers in the Kostroma region. Many of them crawled to the nearest gas station on their last liters of gasoline. And we were met with a darkened board and confused employees. Technical failure - consequences of a virus attack. Another global cyber offensive has hit Russian oil companies. In some places gas stations have already opened, but only accept cash; in others the system has not yet been repaired.
“Yes, I wanted to refuel. Yesterday I refueled at TNK in Ryazan, it was fine, others are also open. And the TNK gas station in the Vladimir region is also still closed,” says driver Oleg Kudrov.
The main victims of the malware called Petya are energy giants, banks, airports, government agencies, and the Danish company MAERSK, known for its port and shipping business. On the main page there is a short text: Our electronic system has collapsed. We apologize and will try to fix everything as soon as possible.
“We cannot notify our employees at the terminals what containers they need to load onto ships; We are unable to receive new requests from clients. We have no access to information since all applications have been deleted. It is unclear how long it will take to restore the data,” said AP Moller-Maersk spokesman Vincent Clerc.
This is already the fourth assault on the world's cyber bastions. And again they broke through the defense as if playfully. Almost all of Europe, America, Argentina, Israel, Australia, and China were affected. According to media reports, hackers gained access to data from one of the US nuclear power plants. At the Indian international airport of Mumbai, the cargo flow management system failed - everything had to be done manually.
Ukraine suffered the most, where it all began. At the airports of Kyiv and Kharkov, passengers were also registered manually. And this is footage of the work of the Ukrainian news channel 24. While the presenters were talking live about the virus, behind the scenes journalists watched how the malware infected one computer after another. At this time, the Kyiv authorities traditionally found the last resort, blaming Russia. They stated that they had taken control of the situation and were ready to provide assistance.
“What help? Look, they can't help themselves. Please excuse me, their entire cabinet of ministers was knocked out. They are not able to help themselves. What help are they?! We will deal with this problem ourselves,” commented the editor-in-chief of the Ukrainian TV channel “24” Vitaly Kovach.
Meanwhile, analysts found out that the Petya virus is already outdated. A mutant program grew out of it. A new wave of ransomware has hit two thousand computers around the world. Kaspersky Lab named the virus ExPetr. But the whole family has the same roots: program code developed by the US NSA. It was used in the predecessor, WannaCry, which hit more than 200 thousand computers in dozens of countries in May.
“The virus is called ExPetr. This malware is much more dangerous because it encrypts files that are important for corporate users and large companies: power plants, factories, and so on,” said Yuri Namestnikov, head of the Russian research center at Kaspersky Lab.
However, all attackers have the same demand: ransom. This time it is $300 in Bitcoin, a virtual currency. Analysts, meanwhile, are still trying to understand the true motives behind the massive attacks.
In May, the WannaCry ransomware infected more than 200 thousand computers, but the hackers got less than three thousand dollars. Now, judging by the e-wallet, only nine users across the planet have paid. So it would be hard to call them ransomware viruses. Rather, they are programs that probe the weaknesses of large companies around the planet.
Rosneft servers were subject to a “powerful hacker attack,” the company reported. It contacted law enforcement agencies with a request to investigate this.
Rosneft said its servers were subject to a “powerful hacker attack.” The company wrote about this on its Twitter.
In response to the cyber attack, the company contacted law enforcement agencies.
Rosneft press secretary Mikhail Leontyev told RBC that most of the company’s servers have reliable protection, and assured that the company is dealing with the consequences of a hacker attack on its system. He did not comment on its consequences for the operation of Rosneft gas stations.
Rosneft’s computers were infected by a virus similar in its effect to WannaCry, a law enforcement source told RBC. He added that the networks of Bashneft, controlled by Rosneft, were subjected to the same attack.
The press service of Group-IB, which investigates cybercrimes, told RBC that the hacker attack on a number of companies using the Petya encryption virus was “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins in return.
“The attack took place around 2 p.m. Judging by the photographs, this is the Petya cryptolocker. The method of distribution on the local network is similar to the WannaCry virus,” follows from the message from the Group-IB press service.
Vedomosti sources add that all computers at the Bashneft refinery, Bashneft-Dobycha and the Bashneft management “rebooted at once, after which they downloaded uninstalled software and displayed the WannaCry virus splash screen.” The publication notes that a message appeared on the users’ screen asking them to transfer $300 in bitcoins to the specified address, after which the users would be sent a key to unlock their computers by e-mail. It is also emphasized that the virus encrypted all data on user computers.
RBC's source in Rosneft confirmed the information that a message with a virus appeared on the computer screens of company employees. At Bashneft, such a screen is displayed only on some computers. Bashneft also asked everyone to turn off their computers.
According to the company's press secretary, Rosneft and its subsidiaries are operating as normal after the attack, TASS reports.
At the same time, an employee of one of the Rosneft subsidiaries, which is involved in offshore projects, says that the computers did not turn off, screens with red text appeared, but not for all employees. However, the company is collapsing and work has stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.
At 15:40 Moscow time, the official websites of Rosneft and Bashneft are unavailable. The fact of no response can be confirmed on server status checking resources. The website of Rosneft’s largest subsidiary, Yuganskneftegaz, is also not working.
The company later tweeted that the hack could have led to “serious consequences.” Despite this, production processes, production, and oil preparation were not stopped due to the transition to a backup control system, the company explained.
Currently, the Arbitration Court of Bashkortostan has completed a meeting at which it considered the claim of Rosneft and its controlled Bashneft against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles in losses that, according to the oil company, Bashneft suffered as a result of reorganization in 2014.
A representative of AFK Sistema asked the court to postpone the next hearing for a month so that the parties have time to familiarize themselves with all the petitions. The judge scheduled the next meeting in two weeks, on July 12, noting that AFK has many representatives and they will cope within this period.
The fact that gas stations in many countries around the world are now connected to the network and will inevitably become targets of hacker attacks. Worse, even in 2015, such systems could be discovered with minimal effort, using Shodan and other similar resources.
It seems that experts' predictions that such attacks will become commonplace in the future are beginning to come true. At the end of last week, the American TV channel WJBK talked about a strange incident at a gas station in Detroit.
The incident occurred on the afternoon of June 23, 2018. The gas station employee lost control of the pump, which was distributing free fuel to everyone for more than an hour and a half, since the system did not respond to any commands. More than ten car owners managed to take advantage of the strange glitch and refueled for a total of $1,800. Afterwards, the gas station worker stopped the fuel supply using an “emergency dial” and then called the police.
Law enforcement believes that the refueling systems were deliberately compromised using a remote device. It is assumed that the device cut off gas station employees from controlling the fuel pump and activated the free supply of gasoline. Police are currently checking the cars and drivers that were caught on CCTV during the incident.
Apparently, law enforcement officers believe that the hack was carried out for the sake of free gasoline. This theory may not be far from the truth - WJBK journalists note in their report that even on YouTube you can find many detailed instructions on how to deceive modern gas stations and get free or very cheap gasoline.
The British publication, which also devoted a short article to the incident, reports that, according to information security specialists, the cause of the incident could have been a simple technical failure. However, the publication also provides a comment from a reader who has been providing technical support to gas stations for more than 10 years. He claims that the attackers could switch the pumps to debug mode, during which the gas station equipment stops reporting fuel supply to cash register terminals and effectively works autonomously.
The specialist writes that he himself has a device capable of performing the same trick at most British gas stations. According to him, manufacturers began to protect their equipment from such unauthorized connections relatively recently, since this industry is not very large, and passwords and specialized equipment rarely fall into the wrong hands.
How they will make a fool out of you for your own money.
When you fill up every day at Rosneft gas stations, you don’t realize what edge of the abyss you’re walking on, hoping for the best. And so, on an ordinary day, which did not foreshadow anything unusual, I was driving home along the Moscow Ring Road. The gas tank sensor turned on the light, and it was decided to taxi to the Rosneft gas station located between Nosovikhinskoye and Ryazanskoye highways at the 5 km mark of the Moscow Ring Road. There weren't many cars, so there wasn't much of a queue. After waiting in line for about five minutes, I drive up to the gas station pump. Getting out of the car, I hear the polite question of the gas station attendant, “Hello, what, and for how long?” Having given the answer, I calmly go into the room to the cash registers. After waiting about four minutes, I hear the pump number spoken by the cashier. I pay, receive a check and calmly go back to the car. Approaching, I show the check to the gas attendant, who is filling up another car from the back of the pump. I receive an approving nod and wishes for a pleasant journey, I get into the car, start it, I start moving and... Now the dear reader will ask, what is all this for? And now the most interesting thing begins. As I’m driving away, I hear an incomprehensible sound from behind and, looking in the side mirror, I understand that it’s time to become a blonde: I see a torn-off hose and a sticking gun. I get out of the car in bewilderment, trying to understand what happened. At that moment the gas station attendant approaches, in a slightly nervous state, and frantically inspects the car for damage; there was none. To be honest, the behavior of the fuel attendant turned out to be very polite, correct and adequate: he apologized, said that it was not my fault, and that if the driver had no complaints, then I could move on.
After standing for a while, coming to my senses, I got into the car. At that moment the shift manager flies up, demanding that I give him my documents to draw up an equipment breakdown report. When asked about my bewilderment, he said the following: “Because I destroyed everything and am trying to hide.” Leaving, and having inspected the car again for damage, I told him that I had no complaints and didn’t understand what they wanted from me. I heard the remark: “Well, you broke our equipment, it’s your fault!” After standing for a while, trying to understand the situation, I say that the attendant was supposed to pull out the nozzle, to which I get: “This is not so, you are to blame because you set off without making sure that the maneuver was safe.” To my question of what to do now with all this, I get the answer: “We’ll call the traffic police and draw up a report, since this is considered an accident and you are to blame for it!” I drove off, parked so as not to interfere with other cars and began to wait for the traffic police officers. I wrote an entry in the “Complaints and Suggestions” book. The officers arrived after 5 hours. They gave me a certificate that I was not guilty and refused to initiate an administrative case. You know, I can’t understand for sure whether I’m guilty or not. I don’t have any complaints against the gas station attendant, since he showed himself to be good, but the actions of the “bosses” of the gas station left me in a stupor, which prompted me to write this post. Do you think I am to blame for this situation?