Blitz raises concerns about future assaults
Governments, firms around world hit with ransomware.
Governments and organizations around the world grappled on Wednesday to contain a cyberattack that struck parts of Europe, the United States and Asia, the second time in two months that hackers have tried to shake down computer users, threatening to delete their data unless they paid up.
The worldwide cyberattack, which began and was most prevalent in Ukraine, has raised concerns that similar attempts will become more widespread as hackers mimic the techniques in future digital assaults.
Experts said the most recent attack was less severe than a similar one in May, when software called WannaCry introduced the term “ransomware” to much of the world. The attack forced the temporary closure of hospitals in Britain, and it disrupted other vital infrastructure, mostly in Europe.
Yet as law enforcement, governments and companies from the United States to India assessed the damage of the new attack, many cautioned that people should be prepared for such events to become a regular danger as criminals worldwide look to take advantage of vulnerabilities in organizations’ digital infrastructure.
“It’s pretty clear that this attack was inspired by WannaCry,” said Gavin O’Gorman, an intelligence analyst at Symantec, a cybersecurity company. “We’ll likely see more of these types of attacks in the future.”
As in the WannaCry attack last month, computers struck by the virus displayed a message that their data had been encrypted and demanded a ransom — in this case, $300 — to decrypt it. Experts initially said the malware that began to strike computers on Tuesday was similar to a virus called Petya, first identified last year. But Kaspersky Lab, a cybersecurity firm based in Moscow, later said that it was a type of ransomware that had never been seen before.
The scope of the attack underlines the power of a cache of National Security Agency hacking tools that were leaked to the public. Hackers made use of the same NSA tools that were used during the WannaCry episode, along with two other methods to help the malware spread, according to Symantec.
The reason the cyberattack was less widespread was not immediately clear, though experts expressed doubt that the world had learned its lesson and prepared properly. So far, the hacking has generated more than $10,000 in ransom payments, a figure that is likely to rise.
Security researchers said the attack originated in Ukraine, seemingly timed to hit a day before a holiday marking the adoption in 1996 of Ukraine’s first constitution. More than 12,500 machines in that country were targeted, according to Microsoft, though the online attack quickly spread to 64 other countries.
While law enforcement officials struggled to determine who was behind the attack, Microsoft said the assailants initially focused on supply-chain software run by M.E.Doc, a Ukrainian company specializing in tax accountancy. In a Facebook post, M.E.Doc denied that it was the source of the attack.
The attack targeted businesses in Ukraine, Russia and Poland, according to a post from Kaspersky Lab. According to the report, those three countries, as well as Italy and Germany, were most affected.
“The rapid spread of the Petya ransomware is unfortunate yet unsurprising,” said Michela Menting, a cybersecurity expert at ABI Research in Geneva. “The WannaCry attack should have been a wake-up call for organizations worldwide.”
In Russia, Home Credit, one of the country’s biggest lenders, was paralyzed when all of its offices closed after the attack struck. It said in a statement on Wednesday that it had suspended all of its IT systems at the time, but they would return to operation quickly.