Swiss advertising conglomerate Admeira and six other Swiss companies are among those who fell victim to the latest global cyberattack demanding payment in Bitcoin in exchange for the return of hacked files and computer systems.
According to Admeira Head of Communications Romi Hofer, the first sign that something was wrong was when “screens went blank” at the company on Tuesday afternoon.
“There were some letters coming up [on the screen] and it seemed like a software update or something, but then nothing happened,” she recalls. “We called our help desk and they told us we might have been hit by a cyber-attack.”
Admeira is Switzerland’s largest advertising and marketing company formed through a partnership among telecom carrier Swisscom, private media brand Ringier and the Swiss Broadcasting Corporation (swissinfo.ch’s parent company). As of Wednesday morning, Admeira’s website was down and its team had been told not to use their computers anymore while specialists “prioritise and analyse” how to react, Hofer said.
Ransom in Bitcoin
The hackers are holding the hacked companies’ computers for ransom until they receive a payment of $300 (CHF290) in Bitcoin. They demand that payment be made into a single account and that payment confirmation be sent via e-mail. However, e-mail provider Posteo revoked access to the e-mail account named in the attack, making it pointless for companies to pay ransom. As of Wednesday morning, some 40 payments had been made to the hackers’ account. Experts believe that attackers launched the virus to sow chaos and not to make a profit.
The Russian IT security firm Kaspersky reported some 2,000 incidences of the same attack, most of them in Russia and Ukraine but also in Switzerland, Poland, Italy, Britain, France and the United States.
Admeira is one of seven companies in Switzerland to have been hacked, according to the Swiss government’s Reporting and Analysis Centre for Information Assurance (MELANI), but was the only one to have publicly reported it via Twitter.
Security experts are divided over whether the attack is a variant of the so-called “Petya” virus which locks computers and demands ransom. In the past, these Trojan viruses have gained access to computers via outdated Windows software, as was also the case with the recent global “WannaCry” attack. A spokesman for MELANI said the agency is analysing the virus but cannot provide details, while Kaspersky analysts believe the virus is not Petya but a new software disguised as such.
Worldwide, companies hit by the attack include the Russian oil company Rosneft, the US pharmaceutical company MSD/Merck, the French railways SNCF, German cosmetics company Beiersdorf, Danish shipper Maersk and food company Mondelez.
Admeira spokeswoman Hofer said that her company will be able to proceed as normal for the next few days because those advertising slots have already been booked. However, after that point, they are “not sure how things will continue”.