A new cyber virus spread from Ukraine to wreak havoc around the globe on Wednesday, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and halting production at a chocolate factory in Australia.
Eric Acuhard, Jack Stubbs and Alessandra Prentice of Reuters had the news:
The virus is believed to have first taken hold on Tuesday in Ukraine where it silently infected computers after users downloaded a popular tax accounting package or visited a local news site, national police and international cyber experts said.
More than a day after it first struck, companies around the world were still wrestling with the fallout while cyber security experts scrambled to find a way to stem the spread.
Danish shipping giant A.P. Moller-Maersk said it was struggling to process orders and shift cargoes, congesting some of the 76 ports around the world run by its APM Terminals subsidiary.
U.S. delivery firm FedEx Corp said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China’s Cofco.
The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware attack in May.
Sonam Sheth of Business Insider reported that the same person may be behind earlier attacks:
Ransomware attacks typically lock users out of their computer systems until they pay a ransom.
Analysts, however, have cast doubt on the notion that Tuesday’s attack was carried out in an attempt to make money, because it’s unlikely that the actor or actors behind it will recoup any investment from their efforts.
The hackers behind a crippling cyberattack carried out in May, dubbed WannaCry, made about $50,000 worth of the bitcoin cryptocurrency.
“The numbers just don’t work,” McGeorge said. WannaCry’s accumulation, he said, was “a pittance when you’re talking about nation-state levels.”
And it’s likely that Tuesday’s attack will yield even less than that.
The attack was carried out using an email address that was taken down within the first day of the infection occurring. That, McGeorge said, proved “there was never a chance that someone was going to be able to cash in on this.”
Security firm Kaspersky Lab said the attack has hit around 2,000 computers so far in around a dozen countries. The most affected organisations are located in Russia and the Ukraine, with systems in the UK, Germany, France, Italy, the US and Poland also hit.
The researchers confirmed that one of the ways the virus spread was using the Eternal Blue tool, but that there are likely other ways too.
The company added that the ransomware might not be a variation of Petya but a new strain of the virus.
“Kaspersky Lab’s analysts are investigating the new wave of ransomware attacks targeting organisations across the world. Our preliminary findings suggest that it is not a variant of Petya ransomware as publically reported, but a new ransomware that has not been seen before,” the researchers said.
