Different motive
Experts believe those behind virus are not real extortionists
NotPetya designed to disrupt computer systems in Ukraine, not for extortion.
WASHINGTON: A computer virus wreaked havoc on firms around the globe as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Risk-modelling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total US$8bil (RM34.4bil).
That estimate highlights the steep tolls businesses around the globe face from growth in cyberattacks that knock critical computer networks offline.
“When systems are down and can’t generate revenue, that really gets the attention of executives and board members,” said George Kurtz, chief executive of security software maker CrowdStrike.
“This has heightened awareness of the need for resiliency and better security in networks.”
The virus, which researchers are calling NotPetya, began its spread on Tuesday in Ukraine.
It infected machines of visitors to a local news site and computers downloading tainted updates of a popular tax accounting package, according to national police and cyber experts.
It shut down a cargo booking system at Danish shipping giant AP Moller-Maersk, causing congestion at some of the 76 ports around the world run by its APM Terminals subsidiary.
Maersk said late on Wednesday that the system was back online.
The malicious code encrypted data on machines and demanded US$300 (RM1,290) ransoms for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.
Security experts believe the goal is to disrupt computer systems across Ukraine, not extortion, saying the attack used powerful wiping software that made it impossible to recover lost data.
“It was a wiper disguised as ransomware. They had no intention of obtaining money from the attack,” said Tom Kellermann, chief executive of Strategic Cyber Ventures.
Brian Lord, a former official with Britain’s Government Communications Headquarters who is now managing director at private security firm PGI Cyber, believes the campaign is an “experiment” in using ransomware to cause destruction.
“This starts to look like a state operating through a proxy,” he said.
The malware appeared to leverage code known as Eternal Blue believed to have been developed by the US National Security Agency. Eternal Blue was part of a trove of hacking tools stolen from the NSA and leaked online in April by a group that calls itself Shadow Brokers, which security researchers believe is linked to the Russian government.
US Representative Ted Lieu, a Democrat, called on the NSA to immediately disclose any information it may have about Eternal Blue.
“If the NSA has a kill switch for this new malware attack, the NSA should deploy it now,” Lieu wrote in a letter to NSA director Mike Rogers.