Cyber attack sweeps globe, researchers see 'WannaCry' link

File picture: Ritchie B Tongo/EPA

Published Jun 28, 2017

Moscow/Kiev/Washington - A major global cyber attack disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300 000 computers last month.

The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

Businesses in the Asia-Pacific region reported some disruptions on Wednesday with the operations of several European companies hit, including India's largest container port, although the impact on companies and governments across the wider region appeared to be limited.

The ransomware virus includes code known as "Eternal Blue", which cyber security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month's ransomware attack, named "WannaCry".

"Cyber attacks can simply destroy us," said Kevin Johnson, chief executive of cyber security firm Secure Ideas. "Companies are just not doing what they are supposed to do to fix the problem."

The virus crippled computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access.

More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

"We are continuing to investigate and will take appropriate action to protect customers," a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.

AUSTRALIA, INDIA HIT

Operations at one of the three terminals of Jawaharlal Nehru Port (JNPT) in Mumbai, India's largest container port, were disrupted.

The impacted terminal is operated by Danish shipping giant AP Moller-Maersk, which also reported disruptions in Los Angeles. JNPT chairman Anil Diggikar told Reuters the port has been trying to clear containers manually and is operating at about a third of its capacity.

India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had affected some of their systems.

In Australia, a Cadbury chocolate factory was hit, a trade union official said. Production at the Hobart factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

Cadbury owner Mondelez International Inc said in a statement overnight staff in various regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.

Cybersecurity firms Kaspersky Lab and FireEye Inc told Reuters they had detected attacks in other Asia-Pacific countries but did not provide details.

Globally, Russia and Ukraine were most affected by the thousands of attacks, according to Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.

Security experts said they expected the impact to be smaller than WannaCry because many computers had been patched with Windows updates in the wake of the WannaCry ransom attack last month to protect them against attacks using Eternal Blue code.

Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analysing the attack.

Other security experts said they did not believe that the ransomware released on Tuesday had a "kill switch", meaning that it might be harder to stop than WannaCry was last month.

Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as "Petya" and "GoldenEye".

Following last month's attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.

The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so did not guarantee access would be restored.

'DON'T WASTE YOUR TIME'

The White House National Security Council said in a statement there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said.

The NSA did not respond to a request for comment. The spy agency has not said publicly whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.

Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries' governments deny charges they are involved in hacking.

The first attacks were reported from Russia and Ukraine.

Russia's Rosneft, one of the world's biggest crude producers by volume, said its systems had suffered "serious consequences" but said oil production had not been affected because it switched over to backup systems.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government's computer network went down and the central bank reported disruption to operations at banks and firms, including the state power distributor.

WPP, the world's largest advertising agency, said it was also infected. A WPP employee who asked not to be identified said workers were told to shut down their computers. "The building has come to a standstill," the employee said.

A Ukrainian media company said its computers were blocked and had received the ransom demand.

"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service," the message said, according to a screenshot posted on Ukraine's Channel 24.

Russia's central bank said there were isolated cases of lenders' IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.

Reuters
