World counts cost of malware damage
Ex-Petr ‘now under control in Ukraine’, its point of origin
PARIS // The data-scrambling malware that paralysed computers globally is under control in Ukraine, where it probably originated, experts say. Companies and governments around the world were yesterday counting the cost of a crisis that is disrupting ports, hospitals and factories.
Ukraine’s cabinet said “all strategic assets, including those involved in protecting state security, are working normally”.
The same could not be said for India’s largest container port, where one of the terminals was stopped by the malicious soft- ware, which goes by a variety of names including ExPetr.
M K Sirkar, a manager at the Jawaharlal Nehru Port Trust in Mumbai, said no containers could yesterday be loaded or unloaded at the terminal operated by shipper Moller-Maersk.
Moller-Maersk acknowledged its APM Terminals had been affected at several ports and that systems were shut down “to contain the issue”.
At least thousands of computers worldwide have been struck by the malware, early reports by cyber-security companies say. But most of the damage remains hidden away in corporate offices.
Some names have trickled into the public domain as the disruption becomes obvious.
In Pennsylvania, laboratory and diagnostic services were closed at satellite offices of Pennsylvania’s Heritage Valley health system. In Tasmania, Australia, a Cadbury chocolate factory had stopped production after its computers crashed.
Other organisations affected include US drug maker Merck, food and drinks company Mondelez International, global law firm DLA Piper and London advertising group WPP.
As cyber-security workers were trying to cleaning up the mess, others wondered what were the attackers’ motives.
Ransomware, which scrambles computer data until a payment is made, has grown quickly over the past couple of years, powered in part by the growing popularity of digital currencies such as Bitcoin.
But some believed that this latest outbreak was less aimed at gathering money than at sending a message to Ukraine and its allies.
That notion was reinforced by the way the malware appears to have been planted using a rogue update to a piece of Ukrainian accounting software and the timing.
It came on the same day as the assassination of a senior Ukrainian military intelligence officer in the nation’s capital, and a day before a national holiday celebrating a new constitution signed after the break-up of the Soviet Union.
Suspicions were further heightened by the re- emergence of the mysterious Shadow Brokers group of hackers, whose dramatic leak of powerful US National Security Agency tools helped to power Tuesday’s outbreak, as it did the WannaCry ransomware explosion last month.
The Shadow Brokers yesterday made new threats, announced a new money-making scheme and made references to what happened the day before.
“Another global cyber attack is fitting end for first month of The Shadow Brokers’ dump service,” the group said. It was referring to a subscription service said to offer hackers early access to even more of the NSA’s digital break-in tools. “There is much The Shadow Brokers can be saying about this but what is the point and what has not already been said?”
Few take The Shadow Brokers’ threats or ostentatious demands for money seriously, but the timing of their re- emergence dropped another hint at the spy games that could be playing out behind the scenes.