Rosneft's servers underwent a "powerful hacker attack," the company said. With a request to investigate this, she turned to law enforcement agencies.
Rosneft said that its servers were subjected to "powerful hacker attack." The company wrote about this on its Twitter.
On the fact of the cyberattack, the company turned to law enforcement agencies.
Rosneft spokesman Mikhail Leontyev told RBC that most of the company's servers have reliable protection and assured that the company is dealing with the consequences of a hacker attack on its system. He did not comment on its consequences for the operation of Rosneft filling stations.
Rosneft's computers were hit by a virus similar in effect to WannaCry, a law enforcement source told RBC. He added that the networks of Bashneft, controlled by Rosneft, were subjected to the same attack.
The press service of the Group-IB company, which investigates cybercrimes, told RBC that the hacker attack on a number of companies using the Petya ransomware virus is "very similar" to the attack that took place in mid-May using the WannaCry malware. Petya blocks computers and demands $ 300 in bitcoins in return.
“The attack took place at about 14.00. Judging by the photos, this is a Petya cryptolocker. The method of spreading in the local network is similar to the WannaCry virus, "- follows from the message of the press service of Group-IB.
Sources of Vedomosti add that all computers in the Bashneft refinery, Bashneft-Dobycha and Bashneft management "rebooted at once, after which they downloaded the uninstalled software and displayed the WannaCry virus splash screen." The publication notes that a message appeared on the screen of users with a proposal to transfer $ 300 in bitcoins to the specified address, after which a key to unlock computers will be sent to users by e-mail. It is also emphasized that the virus has encrypted all data on user computers.
RBC's source in Rosneft confirmed the information that a message with a virus appeared on the computer screens of the company's employees. In Bashneft, such a screen is displayed only on some computers. Bashneft also asked everyone to turn off their computers.
According to the company's press secretary, Rosneft and its subsidiaries are operating normally after the attack, TASS reports.
At the same time, an employee of one of the subsidiaries of Rosneft, which is engaged in offshore projects, said that computers were not turned off, screens with red text appeared, but not all employees. Nevertheless, the company collapsed, work was stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.
The fact that gas stations in many countries of the world are now connected to the network and will inevitably become objects of hacker attacks. Even worse, even in 2015, such systems could be discovered with minimal effort, using Shodan and other similar resources.
It seems that experts' predictions that such attacks will become commonplace in the future are beginning to come true. At the end of last week, the American television channel WJBK talked about a strange incident at a gas station in Detroit.
The incident took place on the afternoon of June 23, 2018. A pump came out of the control of a petrol station employee, which distributed free fuel to everyone for more than an hour and a half, since the system did not respond to any commands. More than ten car owners managed to take advantage of the strange glitch, refueling for a total of $ 1,800. After that, the gas station worker cut off the fuel supply using an "emergency kit" and then called the police.
Law enforcement agencies believe that the refueling systems were deliberately compromised using some kind of remote device. It is assumed that the device cut off the gas station employees from the control of the fuel pump and activated the free supply of gasoline. Currently, the police are checking cars and drivers who were caught in the lenses of CCTV cameras during the incident.
Apparently, law enforcement officers believe that the hacking was carried out for the sake of free gasoline. This theory may not be far from the truth, - WJBK journalists note in their report that even on YouTube you can find many detailed instructions on how to cheat modern gas stations and get free or very cheap gasoline.
The British edition, which also devoted a small note to the incident, reports that, according to information security specialists, a simple technical failure could have caused the incident. However, in addition to this, the publication also cites a commentary from a reader who has been engaged in technical support of gas stations for more than 10 years. He claims that the attackers could switch the pumps to debug mode, during the activation of which the gas station equipment really ceases to report the supply of fuel to the cash registers and actually works autonomously.
The specialist writes that he himself has a device capable of performing the same trick at most UK gas stations. According to him, manufacturers began to protect their equipment from such unauthorized connections relatively recently, since this industry is not very large, and passwords and specialized equipment rarely fall into the wrong hands.
The geography of attacks by the new ransomware virus that blocks computers and demands a ransom continues to expand. Networks in Europe, Asia, America are infected. The world's transport and energy giants were not insured. Experts, meanwhile, are wondering who launched the malicious protocol and why. Several cybersecurity experts said at once that the virus spread around the world with the update of the usual accounting program created by Ukrainian programmers. This partly explains why the Internet epidemic in Ukraine has taken on such a threatening scale.
Have arrived. Drivers in the Kostroma region. Many of them, on the last liters of gasoline, crawled to the nearest gas station. And we met a blank board and confused employees. Technical failure - the consequences of a virus attack. Another global cyber attack hit the Russian oil companies. Somewhere gas stations have already opened, but they only accept cash, somewhere the system has not yet been repaired.
“Yes, I wanted to refuel. I refueled at TNK in Ryazan yesterday, it was normal, others are also open. And TNK-ovskaya gas station in the Vladimir region is also closed, ”says driver Oleg Kudrov.
The main victims of the Petya malware are energy giants, banks, airports, government agencies, and the Danish company MAERSK, known for its port and shipping business. On the main page, a short text: Our electronic system has collapsed. We apologize and will try to fix everything as soon as possible.
“We cannot notify our employees at the terminals which containers they need to load on the ships; we cannot receive new applications from clients. We have no access to the information, as all applications have been removed. How long the data recovery will take is unclear, ”said Vincent Clerk, a spokesman for AP Moller-Maersk.
This is the fourth assault on the world's cyber bastions. And again the defense was broken through as if playfully. Almost all of Europe, America, Argentina, Israel, Australia, China were affected. According to media reports, hackers gained access to data from one of the US nuclear power plants. At the Indian international airport of Mumbai, the traffic control system went out of order - everything had to be done manually.
Most of all went to Ukraine, where it all began. In the air harbors of Kiev and Kharkov, passengers were also checked in manually. And this is footage of the Ukrainian news channel 24. While the hosts were talking about the virus live, the journalists watched behind the scenes as the malware infects one computer after another. At this time, the Kiev authorities traditionally found the extreme, accusing Russia. They stated that they took control of the situation and were ready to provide assistance.
“What kind of help? Look, they can't help themselves. They have, excuse me, please, the entire cabinet of ministers was knocked out. They are not able to help themselves. What help from them ?! We will deal with this problem ourselves, ”Vitaliy Kovach, editor-in-chief of the Ukrainian TV channel“ 24, ”commented on the situation.
Meanwhile, analysts have found out that the Petya virus is already outdated. On its basis, a mutant program has grown. A new wave of ransomware has infected two thousand computers around the world. Kaspersky Lab called the virus ExPetr. Only the roots of the whole family are the same - program codes developed by the US NSA. They were used in its predecessor, WannaCry, which hit more than 200,000 computers in dozens of countries in May.
“The virus is called ExPetr. This malware is much more dangerous because it encrypts files that are important for corporate users and for large companies: power plants, factories, and so on, ”said Yuri Namestnikov, head of the Russian research center at Kaspersky Lab.
However, the requirements for all attackers are the same - ransom. This time, 300 dollars in bitcoins, virtual currency. While analysts understand the true motives of massive attacks.
In May, the WannaCry ransomware infected more than 200,000 computers, but the hackers got less than $ 3,000. Now, judging by the e-wallet, only nine users across the planet have paid. So the language will not turn to call it ransomware viruses. Rather, they are programs that probe the weaknesses of large companies around the planet.
How will they make a fool of you for your own money.
Refueling every day at Rosneft gas stations, you do not realize which edge of the abyss you are walking on in the hope of the best. And so, on an ordinary day, which did not foreshadow anything unusual, he drove home along the Moscow Ring Road. The gas tank sensor lit a light bulb, and it was decided to taxi to the Rosneft gas station, which is located 5 km between Nosovikhinskoye and Ryazanskoye highways. MKAD. There were not many cars, so there was no special queue. After waiting in line for about five minutes, I drive up to the gas station, getting out of the car I hear the polite question of the refueller on duty “-Hello, which one ?? and how much ?? " Having given the answer, I calmly go into the room to the cash desks. After waiting for about four minutes, I hear the dispenser number from the cashier, pay, receive the check and calmly go back to the car, approaching, showing the check to the refueling tanker from the other side of the dispenser, receiving an approving nod and wishes for a pleasant road, getting into the car, starting it up, I get under way and ... Now the dear reader will ask what is all this for?And now the most interesting thing begins, moving away, I hear an incomprehensible sound from behind and looking in the side mirror, I understand that it's time to become a blonde, I see a torn off hose and a pistol sticking out, I get out of the car in bewilderment, I try to understand what happened, at this moment a refueller comes up , not much in a nervous state, convulsively inspecting the car for damage, well there were none, to be honest, the refueller's behavior turned out to be very polite, correct and adequate, he apologized, said that it was not my fault, and if the driver has no complaints, then I can go further. After standing for a while, coming to my senses, I got into the car, at this moment the senior of the shift flies up with demands to give him my documents for registration of the equipment breakdown act, when asked about my bewilderment, he said the following “-Since I smashed everything and try to hide”, leaving Having examined the cars again for damage, I told him that I had no complaints and did not understand what they wanted from me, I heard the reply: “Well, you broke our equipment, you are to blame for this!” the situation, I say it seems like the tanker had to pull out the pistol, to which I get: “- This is not so, you are to blame because you set off without making sure of the safety of the maneuver”, to my question what to do with all this, I get the answer: “- We will call the traffic police and draw up a protocol because it is considered an accident and you are to blame for this! ”, drove off, parked so as not to interfere with other cars and waited for the traffic police officers. I wrote a review for the book “Complaints and Suggestions”. The staff arrived 5 hours later. They gave a certificate that it was not my fault and to refuse to initiate an administrative case. You know, I can’t understand for sure whether I’m guilty or not, I have no complaints about the refueller, because he showed himself on the good side, but the actions of the “chiefs” of the gas station led me to a stupor, which prompted me to write this post. Do you think I am to blame for this situation?
The press service of the Group-IB company, which investigates cybercrimes, told RBC that the hacker attack on a number of companies using the Petya ransomware virus is "very similar" to the attack that took place in mid-May using the WannaCry malware. Petya blocks computers and demands $ 300 in bitcoins in return.
“The attack took place at about 14.00. Judging by the photos, this is a Petya cryptolocker. The method of spreading in the local network is similar to the WannaCry virus, "- follows from the message of the press service of Group-IB.
At the same time, an employee of one of the subsidiaries of Rosneft, which is engaged in offshore projects, said that computers were not turned off, screens with red text appeared, but not all employees. Nevertheless, the company collapsed, work was stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.
At 15:40 Moscow time, the official websites of Rosneft and Bashneft are inaccessible. The fact of the absence of a response can be confirmed on the resources for checking the server status. The website of the largest subsidiary of Rosneft, Yuganskneftegaz, also does not work.
The company later wrote on Twitter that the hacker attack could lead to "serious consequences." Despite this, production processes, production, oil treatment were not stopped due to the transition to a backup control system, the company explained.
At present, the Arbitration Court of Bashkiria has completed a meeting at which it considered the claim of Rosneft and its controlled Bashneft against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles, which, according to the oil company, “ Bashneft incurred losses as a result of the reorganization in 2014.
The representative of AFK Sistema asked the court to postpone the next meeting for a month so that the parties could get acquainted with all the petitions. The judge appointed the next meeting in two weeks - on July 12, noting that AFC has many representatives and they will cope within this period.
