Petya in Rosneft: the oil company complained about a powerful hacker attack. The hacker attack did not lead to serious consequences - “Rosneft was subjected to hacker

Rosneft complained about a powerful hacker attack on its servers. The company announced this on its Twitter account. “A powerful hacker attack was carried out on the company's servers. We hope that this has nothing to do with the current judicial procedures,” the message says.

“The company has contacted law enforcement agencies over the cyberattack,” the message says. The company emphasized that a hacker attack could have led to serious consequences, but "due to the fact that the company switched to a backup process control system, neither production nor oil preparation was stopped." A source of the Vedomosti newspaper, close to one of the company's structures, indicates that all computers at the Bashneft refinery, Bashneft-Dobycha and the Bashneft administration "rebooted at once, after which they downloaded unidentified software and displayed the splash screen of the WannaCry virus."

On the screen, users were asked to transfer $300 in bitcoins to the specified address, after which users would supposedly be sent a key to unlock computers by e-mail. The virus, judging by the description, encrypted all data on user computers.

Group-IB, which focuses on preventing and investigating cybercrime and fraud, has identified the virus that hit the oil company, the company told Forbes. It is the Petya encryption virus, which attacked not only Rosneft. Group-IB specialists found that about 80 companies in Russia and Ukraine were attacked: the networks of Bashneft, Rosneft, the Ukrainian companies Zaporozhyeoblenergo, Dneproenergo and the Dnieper Electric Power System, Mondelēz International, Oschadbank, Mars, Nova Poshta, Nivea, TESA and others. The Kyiv metro was also subjected to a hacker attack. Ukrainian government computers, Auchan stores, Ukrainian operators (Kyivstar, LifeCell, UkrTeleCom) and PrivatBank were attacked. Boryspil Airport is also believed to have been hacked.

The virus spreads either in the same way as WannaCry or by e-mail: company employees opened malicious attachments in e-mails. As a result, the victim's computer was blocked and the MFT (NTFS file table) was securely encrypted, a Group-IB representative explains. At the same time, the name of the encryptor program is not indicated on the lock screen, which complicates the response. It is also worth noting that Petya uses a strong encryption algorithm and there is no way to create a decryption tool. The ransomware demands $300 in bitcoins. The victims have already begun to transfer money to the attackers' wallet.

Group-IB experts have determined that a recently modified version of the Petya ransomware, PetrWrap, was used by the Cobalt group to hide traces of a targeted attack on financial institutions. The criminal group Cobalt is known for having successfully attacked banks around the world - Russia, Great Britain, the Netherlands, Spain, Romania, Belarus, Poland, Estonia, Bulgaria, Georgia, Moldova, Kyrgyzstan, Armenia, Taiwan and Malaysia. This structure specializes in contactless (logical) attacks on ATMs. In addition to ATM management systems, cybercriminals are trying to gain access to interbank transfer systems (SWIFT), payment gateways and card processing.

“A powerful hacker attack was carried out on the company's servers. We hope this has nothing to do with the current legal proceedings. The company has contacted law enforcement agencies over the cyberattack,” the company said in a statement.

“According to our data, more than 80 companies in Russia and Ukraine suffered as a result of the attack using the Petya.A encryption virus,” said Valery Baulin, head of the Group-IB forensic laboratory.

Hackers attacked oil producers in Khanty-Mansi Autonomous Okrug. All the largest oilfields have ground to a halt because of the virus that spread this morning on the computers of Rosneft subsidiaries. ALL assets of the company fell under the attack, including Yuganskneftegaz, Samotlorneftegaz, Varyoganneftegaz. To put this in perspective: right at this second, the production of approximately every third ton of Russian oil is paralyzed.

Today seems to be another doomsday of the Internet. In addition to Rosneft/Bashneft, other large companies were also attacked. Problems are reported at Mondelēz International, Oschadbank, Mars, Nova Poshta, Nivea, TESA and others.

Virus identified - it's Petya.A

The Rosneft company commented on a hacker attack with a ransomware virus on the company's computers.

“A hacker attack could have led to serious consequences; however, due to the fact that the Company switched to a backup production process control system, neither production nor oil treatment was stopped,” Rosneft reported. “Spreaders of false panic messages will be considered as accomplices of the organizers of the hacker attack and will be held liable together with them.”

Thus, Bashneft, which is part of the company, also continues to operate as usual.

Recall that the global attack of the ransomware virus yesterday, June 27, hit the IT systems of companies in several countries around the world, affecting Ukraine to a greater extent. The computers of oil, energy, telecommunications, pharmaceutical companies, as well as government agencies were attacked. The attack began at about 13.00 Ufa time.

The distribution method in the local network is similar to the WannaCry virus, RIA Novosti reports.

Yesterday, Rosneft also reported that its servers were subjected to a powerful hacker attack, in connection with which the company turned to law enforcement agencies. In addition, Evraz information systems were subjected to a hacker attack. The Bank of Russia stated that it had identified hacker attacks aimed at the systems of Russian credit institutions; as a result of these attacks, isolated cases of infection of information infrastructure objects were recorded. At the same time, there were no disruptions to the operation of banks' systems or to the provision of services to customers.

The head of Bashkiria, Rustem Khamitov, in an interview with the Rossiya 24 TV channel, said that the hacker attack did not lead to serious consequences in the republic.

“We have a regular situation at the enterprises of the republic, everything is working fine,” he said. “Businesses do not feel the effects of these hacker attacks in any way. Maybe because preventive measures were taken at the Rosneft level.”

Today RIA Novosti spoke about how to protect yourself from the virus.

Russian technology investor, IT expert Denis Cherkasov told the agency that one of the most reliable methods of protection against viruses is the correct actions of company employees, namely, ignoring suspicious letters and especially requests to click on links.

Otherwise, the virus can grow like a snowball, thanks to such “harmless” actions, Cherkasov emphasized.

Therefore, according to him, when thinking over the tactics of protecting a business, first of all, it is necessary to conduct trainings on simple cybersecurity rules for the team.

Secondly, even the most modern protection systems need regular updates in order not to be hit by new virus software.

Thirdly, system integrity monitoring systems are needed to be able to detect the spread of a virus in a computer network before it begins its malicious action.

To ensure security, Kaspersky Lab also recommends that its users make sure that the security solution is enabled and uses up-to-date virus databases, that it is connected to the KSN cloud system and system monitoring (System Watcher) is activated.

As an additional measure, using the AppLocker function, you can prohibit the execution of a file called perfc.dat, as well as block the launch of the PSExec utility from the Sysinternals package, the company advised.
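Where blocking is not yet in place, the same two names can be watched for in process-creation logs, which also serves the network-spread monitoring recommended above. The following is an added example, not code from Kaspersky Lab or any vendor quoted here; the event field names, host names, paths and sample records are constructed assumptions modelled on Sysmon-style process-creation events.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BLOCKED_FILE = "perfc.dat"  # file name given in the advice above
# "psexec.c" is PsExec's embedded OriginalFileName; it survives a rename on disk.
PSEXEC_NAMES = {"psexec.exe", "psexec64.exe", "psexec.c"}
# Constructed sample events (not real telemetry); field names are assumptions
# modelled on Sysmon process-creation records.
FIELDS = ("time", "host", "image", "original_name", "cmdline")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-01-01T13:02:10", "WS-001", r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE", r"rundll32.exe C:\Temp\perfc.dat"),
    ("2024-01-01T13:03:40", "WS-002", r"C:\Temp\svc.exe", "psexec.c", "svc.exe"),
    ("2024-01-01T13:04:05", "WS-002", r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE", r"rundll32.exe C:\Temp\perfc.dat"),
    ("2024-01-01T13:06:30", "WS-003", r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE", r"rundll32.exe C:\Temp\perfc.dat"),
    ("2024-01-01T13:07:00", "WS-004", r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE", r"notepad.exe C:\Users\a\notes.txt"),
    ("2024-01-01T15:30:00", "WS-ADM", r"C:\Tools\PsExec.exe", "psexec.c", "PsExec.exe -accepteula"),
]]

def basename(path):
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def indicator(event):
    """Return 'psexec', 'perfc.dat' or None for one process-creation event."""
    names = {basename(event["image"]), event.get("original_name", "").lower()}
    if names & PSEXEC_NAMES:
        return "psexec"
    args = {basename(tok).split(",")[0] for tok in event["cmdline"].split()}
    return BLOCKED_FILE if BLOCKED_FILE in names | args else None

def spread_alerts(events, window=timedelta(minutes=10), min_hosts=3):
    """Map indicator -> hosts when it hits >= min_hosts hosts inside `window`."""
    hits = defaultdict(list)
    for e in events:
        kind = indicator(e)
        if kind:
            hits[kind].append((datetime.fromisoformat(e["time"]), e["host"]))
    alerts = {}
    for kind, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            hosts = {h for t, h in seen[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[kind] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    print(spread_alerts(SAMPLE_EVENTS))
```

On the constructed sample, the alert fires for perfc.dat on three workstations within ten minutes, while the two unrelated PsExec runs hours apart stay below the threshold.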

The press service of Group-IB, which investigates cybercrime, told RBC that a hacker attack on a number of companies using the Petya encryption virus is “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins in return.

“The attack took place around 2:00 pm. Judging by the photos, this is a Petya cryptolocker. The method of distribution in the local network is similar to the WannaCry virus,” the Group-IB press service says.

At the same time, an employee of one of Rosneft's subsidiaries, which is engaged in offshore projects, says that computers were not turned off and that screens with red text appeared, but not for all employees. Nevertheless, the company collapsed, work was stopped. The sources also note that all electricity was completely turned off at the Bashneft office in Ufa.

As of 15:40 Moscow time, the official websites of Rosneft and Bashneft are unavailable. The lack of response can be confirmed using server status checking services. The site of the largest subsidiary of Rosneft, Yuganskneftegaz, is also not working.

The company later wrote on its Twitter that the hacker attack could have led to "serious consequences." Despite this, production processes, production, oil treatment were not stopped due to the transition to a backup control system, the company explained.

The Arbitration Court of Bashkiria has just completed a hearing at which it considered the claim of Rosneft and Bashneft, which it controls, against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles in losses that, according to the oil company, Bashneft suffered as a result of reorganization in 2014.

The representative of AFK Sistema asked the court to postpone the next hearing for a month so that the parties could familiarize themselves with all the petitions. The judge scheduled the next hearing in two weeks, on July 12, noting that AFK has many representatives and that they will cope within this period.