Cyberattack’s effect lingers as nations mull self-defense
As investigators continue to gather clues about the cyberattacks that hit computers around the world last week, some big companies and other organizations are still reckoning with the damage.
At Mondelez International, a giant maker of snacks, thousands of servers and computers were rendered useless and production lines at some factories ground to a halt. The company said Thursday that shipping and invoicing had been disrupted during the last four days of the most recent financial quarter, but that a “critical majority” of its systems were back up and running.
Hospitals across the United States have not been able to create electronic records for more than a week after the software maker Nuance Communications experienced significant problems with its computers. On Thursday, it was not clear when all of the company’s systems would be working properly.
Investigators were still sorting through the digital crumbs left behind after last week’s crippling cyberattacks, known as NotPetya or Nyetya. Early signs pointed toward Russia, although it was unclear who in particular may have been responsible.
The attacks initially targeted government agencies, banks and companies in Ukraine. About 2,000 organizations there were hit on the eve of Constitution Day, a Ukrainian national holiday commemorating the country’s first constitution after breaking away from the Soviet Union.
But collateral damage from the attack took down computers across the world, including major multinational companies that do business with Ukraine.
“There’s more to this story than what’s been told,” said Jaime Blasco, vice president and chief scientist at AlienVault, a cybersecurity company that has been conducting a forensic investigation of the intrusion. “Based on our analysis, this attack was really, really bad. Companies that weren’t using best security practices were wiped out.”
NATO officials last week questioned whether the attack would cause the alliance’s mutual defense clause, Article 5 of the North Atlantic Treaty, to be invoked. Jens Stoltenberg, the NATO secretary-general, told reporters that members agreed last year that such attacks could have that effect and pledged to help Ukraine bolster its cybersecurity defenses.
Officials in Britain took a harder line. Michael Fallon, the British defense secretary, said the country would consider retaliating against cyberattacks with military force.
In the United States, Thomas Bossert, the homeland security and counterterrorism adviser, said if the culprit was the Russian government or hackers working on its behalf, it was a foolish effort, because companies there — most notably Rosneft, the government-owned oil company — were also hit.