Global virus hits computers
Disrupts banks, multinationals
AMAJOR global cyber attack yesterday disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300 000 computers.
The extortion campaign underscored concerns that businesses had failed to secure their networks from hackers.
It included code known as “Eternal Blue”, which cyber security experts believe was stolen from the US National Security Agency (NSA) and was also used in last month’s attack, named “WannaCry”.
The virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives, then demanded $300 (R3 896) in bitcoin payments to restore access.
The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny they are involved in hacking.
The first attacks were reported from Russia and Ukraine. Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences”, but added oil production had not been affected because it switched over to back-up systems.
Down
Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network went down and the central bank reported disruption to operations. Danish shipping giant AP Moller-Maersk said it was among the victims.
WPP, the world’s largest advertising agency, said it was also infected. A Ukrainian media company said its computers were blocked and it was asked to pay $300 in the crypto-currency bitcoin to regain access.
“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted on Ukraine’s Channel 24.
Russia’s central bank said there were isolated cases of lenders’ IT systems being infected. Other companies that identified themselves as victims included French construction materials firm Saint Gobain, US drugmaker Merck & Co and Mars Inc’s Royal Canin pet food business.
India-based employees at Beiersdorf, makers of Nivea skin-care products, and Reckitt Benckiser, which owns Enfamil and Lysol, said the attack had impacted on some of their systems in the country.
The WannaCry ransomware attack was crippled after British security researcher Marcus Hutchins, 22, created a so-called “kill switch” that experts hailed as the decisive step in slowing the attack. Security experts said they did not believe that the ransomware released yesterday had a kill switch.
Ukraine’s cyber police said on Twitter that a vulnerability in software used by MEDoc, a Ukrainian accounting firm, might have been an initial source of the virus, which researchers said could have infected victims via an illegitimate software update. MEDoc confirmed it had been hacked, but denied responsibility for originating the attack.
An adviser to Ukraine’s interior minister said that the virus got into computer sys- tems via “phishing” e-mails written in Russian and Ukrainian designed to lure employees into opening them. – Reuters