How Rosneft gas stations will make a fool out of you. Rosneft reported a powerful hacker attack on its servers Hacker attack on gas stations rosneft
How they will make a fool out of you for your own money.
Refueling every day at Rosneft gas stations, you don’t realize which edge of the abyss you are walking on in the hope of the best. And so, on an ordinary day, which did not portend anything unusual, he drove home along the Moscow Ring Road. The gas tank sensor turned on the light, and it was decided to taxi to the Rosneft gas station, located between Nosovikhinsky and Ryazan highways for 5 km. mkad. There weren't many cars, so there wasn't much of a queue. After waiting in line for about five minutes, I drive up to the gas station column, getting out of the car I hear the polite duty question of the tanker “- Hello, what ?? and for how much??” having given the answer, I calmly go to the room to the cash registers. After waiting about four minutes, I hear the dispenser number from the cashier, I pay, I receive a check and calmly go back to the car, coming up, I show the check to the gas station attendant who fills up another car from the back of the dispenser, I receive an approving nod and wishes for a pleasant road, I get into the car, start it up, I get under way and… Now the dear reader will ask what is all this for??And now the fun begins, starting off, I hear an incomprehensible sound from behind and looking in the side mirror, I understand that it's time to become a blonde, I see a torn hose and a protruding gun, I get out of the car in bewilderment, I try to understand what happened, at that moment a tanker comes up , not much in a nervous state, convulsively examining the car for damage, well, there were none, to be honest, the behavior of the tanker turned out to be very polite, correct and adequate, he apologized, said that it was not my fault, and if the driver had no complaints, then I can go further. After standing for a while, coming to my senses, I get into the car, at that moment the shift supervisor flies up with demands to give him my documents for processing the act of equipment breakdown, when asked about my bewilderment, he said the following “-Since I smashed everything and try to hide”, leaving having inspected the machines again for damage, I told him that I had no complaints and did not understand what they wanted from me, I heard a remark: “Well, you broke our equipment, you are to blame for this!”, after standing for a while, trying to understand situation, I say it seems like the tanker should have pulled out a pistol, to which I get: “- This is not so, you are to blame because you set off without making sure that the maneuver was safe”, to my question what to do with all this now, I get the answer: “We will call the traffic police and draw up a protocol since this is considered an accident and you are to blame for this!”, drove off, parked so as not to interfere with other cars and began to wait for the traffic police. Wrote a review in the book "Complaints and Suggestions". The staff arrived 5 hours later. They gave me a certificate that I was not guilty and refused to initiate an administrative case. You know, I can’t understand for sure whether I’m guilty or not, I have no complaints about the tanker, because he showed himself on the good side, but the actions of the “heads” of the gas station led me into a stupor, which prompted me to write this post. Do you think I am to blame for this situation?
Rosneft's servers were subjected to a "powerful hacker attack," the company said. She asked law enforcement agencies to investigate this.
Rosneft said that its servers were subjected to a "powerful hacker attack." The company wrote about this on its Twitter.
Upon the fact of the cyber attack, the company turned to law enforcement agencies.
Rosneft spokesman Mikhail Leontiev told RBC that most of the company's servers have reliable protection, and assured that the company is dealing with the consequences of a hacker attack on its system. He did not comment on its consequences for the operation of Rosneft filling stations.
Rosneft computers were hit by a virus similar in action to WannaCry, a law enforcement source told RBC. He added that the networks of Rosneft-controlled Bashneft were subjected to the same attack.
The press service of the Group-IB company, which investigates cybercrime, told RBC that a hacker attack on a number of companies using the Petya encryption virus is “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins in return.
“The attack took place around 2:00 pm. Judging by the photos, this is a Petya cryptolocker. Distribution method in local network similar to the WannaCry virus,” follows from the press service of Group-IB.
Vedomosti sources add that all computers in the Bashneft refinery, Bashneft-Dobycha and Bashneft management "rebooted at once, after which they downloaded an uninstalled software and displayed the splash screen of the WannaCry virus. The publication notes that a message appeared on the screen of users with a proposal to transfer $ 300 in bitcoins to the specified address, after which a key to unlock computers will be sent to users by e-mail. It is also emphasized that the virus encrypted all data on user computers.
RBC's source in Rosneft confirmed the information that a message with a virus appeared on the computer screens of the company's employees. In Bashneft, such a screen is displayed only on a part of the computers. Bashneft also asked everyone to turn off their computers.
According to a spokesman for the company, Rosneft and its subsidiaries are operating normally after the attack, TASS reports.
At the same time, an employee of one of the "daughters" of Rosneft, which is engaged in offshore projects, says that computers were not turned off, screens with red text appeared, but not all employees. Nevertheless, the company collapsed, work was stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.
The geography of attacks by a new encryption virus that blocks computers and demands a ransom continues to expand. Networks in Europe, Asia, America are infected. The world giants of transport and energy were not insured. Meanwhile, experts are wondering who launched the malicious protocol and why. Several cybersecurity experts immediately stated that the virus spread around the world with an update to the usual accounting program created by Ukrainian programmers. This partly explains why the Internet epidemic in Ukraine has taken on such rampant proportions.
We've arrived. Drivers in the Kostroma region. Many of them on the last liters of gasoline crawled to the nearest gas station. And they met an extinguished scoreboard and confused employees. Technical failure - the consequences of a virus attack. Another global cyber offensive has hit Russian oil companies. Some gas stations have already opened, but they only accept cash, somewhere the system has not yet been fixed.
“Yes, I wanted to refuel. I refueled at TNK in Ryazan yesterday, it was fine, others are also open. And the TNK gas station in the Vladimir region is also still closed,” says driver Oleg Kudrov.
The main victims of the malware called Petya are energy giants, banks, airports, government agencies, the Danish company MAERSK, known for its port and shipping business. Short text on the main page: Our electronic system collapsed. We apologize and will try to fix it as soon as possible.
“We cannot notify our employees at the terminals which containers they need to load onto ships; can't get new orders from customers. We do not have access to the information as all applications have been removed. It is not clear how long data recovery will take,” said Vincent Klerk, a spokesman for AP Moller-Maersk.
This is the fourth assault on the world's cyberbastions. And again, the defense was broken as if effortlessly. Almost all of Europe, America, Argentina, Israel, Australia, China suffered. According to media reports, hackers gained access to the data of one of the US nuclear power plants. At the Indian Mumbai International Airport, the cargo flow control system failed - everything had to be done manually.
Most of all went to Ukraine, where it all began. In the air harbors of Kyiv and Kharkov, passengers were also registered manually. And this is footage from the Ukrainian news channel 24. While the hosts were talking about the virus live, behind the scenes, journalists watched the malware infect one computer after another. At this time, the Kiev authorities have traditionally found the extreme, blaming Russia. They said they had the situation under control and were ready to help.
“What kind of help? Look, they can't help themselves. Excuse me, please, they have the entire Cabinet of Ministers knocked out. They are unable to help themselves. What help do they have? We will deal with this problem ourselves,” Vitaliy Kovach, editor-in-chief of the Ukrainian TV channel 24, commented on the situation.
Meanwhile, analysts have found out that the Petya virus is already outdated. On its basis, a mutant program has grown. New wave ransomware hit 2,000 computers worldwide. Kaspersky Lab named the virus ExPetr. Only the roots of the whole family are the same - program codes developed by the US NSA. They were used in the predecessor of WannaCry, which hit more than 200,000 computers in dozens of countries in May.
“The virus is called ExPetr. This malware is much more dangerous because it encrypts files that are important for corporate users and large companies: power plants, factories, and so on,” said Yury Namestnikov, head of the Russian research center at Kaspersky Lab.
However, the demands of all attackers are the same - a ransom. This time $300 in bitcoin, the virtual currency. While analysts understand the true motives of massive attacks.
In May, the WannaCry ransomware infected more than 200,000 computers, but the hackers got less than $3,000. Now, judging by the e-wallet, only nine users across the planet have paid. So the language will not turn to call it ransomware. Rather, programs that probe the weaknesses of large companies around the planet.
The fact that gas stations in many countries of the world now have a network connection and will inevitably become targets of hacker attacks. Worse, even in 2015, such systems could be discovered with minimal effort, with the help of Shodan and other similar resources.
It seems that experts' predictions that such attacks will become commonplace in the future are starting to come true little by little. At the end of last week, the American TV channel WJBK told about a strange incident at a gas station in Detroit.
The incident took place on the afternoon of June 23, 2018. The pump went out of control of the gas station employee, which distributed free fuel to everyone for more than an hour and a half, since the system did not respond to any commands. More than ten car owners managed to take advantage of a strange failure, who refueled a total of 1,800 US dollars. After that, the gas station worker still stopped the fuel supply using the "emergency dial" and then called the police.
Law enforcement believes that the fueling systems were deliberately compromised by some remote device. It is assumed that the device cut off the control of the fuel pump by the employees of the gas station and activated the free supply of gasoline. Police are currently checking cars and drivers who were caught on CCTV cameras during the incident.
Apparently, law enforcement officers believe that the break-in was carried out for the sake of free gasoline. This theory may not be far from the truth - WJBK journalists note in their report that even on YouTube you can find many detailed instructions to cheat modern gas stations and get free or very cheap gasoline.
The British publication, which also devoted a short note to the incident, reports that, according to information security specialists, a simple technical failure could also be the cause of the incident. However, in addition to this, the publication also provides a comment from a reader who has been engaged in technical support for gas stations for more than 10 years. He claims that the attackers could switch the pumps to debug mode, during which the gas station equipment really stops reporting the fuel supply to the cash terminals and actually works autonomously.
The specialist writes that he himself has a device capable of performing the same trick at most British gas stations. According to him, manufacturers have begun to protect their equipment from such unauthorized connections relatively recently, since this industry is not very large, and passwords and specialized equipment rarely fall into the wrong hands.
The press service of the Group-IB company, which investigates cybercrime, told RBC that a hacker attack on a number of companies using the Petya encryption virus is “very similar” to the attack that occurred in mid-May using the WannaCry malware. Petya blocks computers and demands $300 in bitcoins in return.
“The attack took place around 2:00 pm. Judging by the photos, this is a Petya cryptolocker. The method of distribution in the local network is similar to the WannaCry virus, ”the Group-IB press service says.
At the same time, an employee of one of the "daughters" of Rosneft, which is engaged in offshore projects, says that computers were not turned off, screens with red text appeared, but not all employees. Nevertheless, the company collapsed, work was stopped. The interlocutors also note that all electricity was completely turned off at the Bashneft office in Ufa.
As of 15:40 Moscow time, the official websites of Rosneft and Bashneft are unavailable. The fact of the absence of a response can be confirmed on the resources of checking the status of the server. The site of the largest subsidiary of Rosneft, Yuganskneftegaz, is also not working.
The company later wrote on its Twitter that the hacker attack could have led to "serious consequences." Despite this, production processes, production, oil preparation were not stopped due to the transition to a backup control system, the company explained.
Currently, the Arbitration Court of Bashkiria has completed a meeting at which it considered the claim of Rosneft and Bashneft controlled by it against AFK Sistema and Sistema-Invest for the recovery of 170.6 billion rubles, which, according to the oil company, " Bashneft suffered losses as a result of reorganization in 2014.
The representative of AFK Sistema asked the court to postpone the next meeting for a month so that the parties could familiarize themselves with all the petitions. The judge appointed the next meeting in two weeks - on July 12, noting that the AFC has many representatives and they will cope within this period.