WPP has been subject to an apparent global cyber attack with reports of systems crashing and ransom demands.
Several of WPP’s agencies including GroupM, MediaCom, JWT and Y&R are thought to be affected by the attack, which began this afternoon (27 June).
Mary Heather, senior director at WPP-owned agency Burson-Marsteller, confirmed the attack on Twitter saying the agency had “no access to technology”.
In an email sent to WPP agencies, seen by The Drum, staff have been told that it is affecting all "Windows servers, PCs and laptops" and all Windows machines "must be turned off and disconnected immediately until further notice" while it investigates.
The Drum has attempted to contact a number of WPP representatives but was awaiting comment at the time of writing. WPP confirmed via Twitter that an attack had taken place and said it will update ASAP.
A spokesperson later provided The Drum with a statement to the same effect: "IT systems in several WPP companies have been affected by a suspected cyber attack. We are assessing the situation, taking appropriate measures and will update as soon as possible."
WPP’s main website has also been affected and is currently down at the time of writing this article.
WPP is not the only company thought to be impacted. The Ukrainian central bank, Russian oil producer Rosneft and Danish shipping company Maersk have all reported disruption as a result of a ransomware attack earlier today. Mondelez International also may have been affected by the same attack. Spokesperson for the company, Heidi Hauer, said: "I can confirm that our employees are experiencing difficulties in various geographies. We are investigating the issue."
Cyber security firm Symanec confirmed that the attack is a new strain of 'Petya' ransomware that was used in last month's WannaCry attack that affected more than 230,000 computers in over 150 countries, including the NHS.
Symantec analysts have confirmed #Petya#ransomware, like #WannaCry, is using #EternalBlue exploit to spread — Security Response (@threatintel) June 27, 2017
Andrew Stuart, managing director EMEA of Datto, a disaster recovery business, said: “As details emerge from this latest outbreak, we see again that preventative security measures are continuing to fail at stopping ransomware before it can cripple business networks.
"Although vulnerability scanning and anti-virus is an important measure in catching and blocking known strains, new ones – in this case rumoured to be related to ‘Petya’ – can pass through defences undetected before wreaking havoc.
"The only way to truly mitigate the impact of ransomware is by having a multi-layered approach that includes data backup. Organisations should take regular snapshots of their systems in order to quickly return them to a ‘healthy’ point before the ransomware took hold. This has a twofold benefit of reducing any downtime, while meaning that firms don’t have to give in to the attackers’ demands."
“Organisations of all sizes need to educate users about the dangers of phishing emails – which is the typical ransomware infection method – helping them to spot and contain malicious emails before outbreaks can spread.”
More information will be posted here as the story unfolds.