Global cyberattack may have aimed for havoc, not extortion

Lodi News-Sentinel - Nation / World - By Raphael Satter and Jan M. Olsen

PARIS — The cyberattack that has locked up computers around the world while demanding a ransom may not be an extortion attempt after all, but an effort to create havoc in Ukraine, security experts say.

“There may be a more nefarious motive behind the attack,” Gavin O’Gorman, an investigator with U.S. antivirus firm Symantec, said in a blog post. “Perhaps this attack was never intended to make money, rather to simply disrupt a large number of Ukrainian organizations.”

The rogue program landed its heaviest blows on the Eastern European nation, where the government, dozens of banks and other institutions were sent reeling. It disabled computers at government agencies, energy companies, cash machines, supermarkets, railways and communications providers. Many of these organizations had recovered by Thursday.

The program, known by a variety of names, including NotPetya, initially appeared to be ransomware, a type of malicious software that encrypts its victims’ data and holds it hostage until a payment is made, usually in bitcoins, the hard-to-trace digital currency often used by criminals.

But O’Gorman and several other researchers said the culprits would have been hard-pressed to make money off the scheme. They appear to have relied on a single email address that was blocked almost immediately and a single bitcoin account that has collected the relatively puny sum of $10,000.

Others, such as Russian anti-virus firm Kaspersky Lab, said clues in the code suggest the program’s authors would have been incapable of decrypting the data, further indicating the ransom demands may have been a smoke screen.

The timing was intriguing too: The attack came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating the new Ukrainian constitution signed after the breakup of the Soviet Union.

Tensions have been running high between Russia and Ukraine, with Moscow seizing Crimea in 2014 and pro-Russian separatists fighting government forces for control of eastern Ukraine.

Russia has long been suspected of engineering earlier cyberattacks against Ukraine, including the hack of its voting system ahead of 2014 national elections and an assault that knocked its power grid offline in 2015.

Ransomware or not, computer specialists worldwide were still wrestling with its consequences, with varying degrees of success.

Danish shipping giant A.P. Moller-Maersk, one of the global companies hit hardest, said Thursday that most of its terminals are running again, though some are operating in a limited way or more slowly than usual.

Problems have been reported across the shippers’ global business, from Mobile, Alabama, to Mumbai in India. At Mumbai’s Jawaharlal Nehru Port, several hundred containers could be seen piled up at just two of the more than a dozen yards.

“The vessels are coming, the ships are coming, but they are not able to take the container because all the systems are down,” trading and clearing agent Rajeshree Verma said. “We are actually in a fix because of all this.”

Dozens of major corporations and government agencies have been disrupted, including FedEx subsidiary TNT and Ukraine’s banking system.

Even small businesses otherwise unaffected by the malware are beginning to feel the pain.

Steffan Mastek of Petersen & Soerensen, a Danish ship repair company, said he had been forced to reorder engine parts because TNT’s track-and-trace system for parcels was down.
