Northwest Arkansas Democrat-Gazette
Hacking targets try to fix damage
Shipping giant among firms working to restore operations
MOSCOW — Companies worldwide struggled to recover Wednesday after wave of powerful cyberattacks crippled computer systems in Europe, Asia and the United States with a virus similar to the global ransomware assault in May that infected computers.
Researchers at Kaspersky Lab’s Global Research and Analysis Team in Russia said Wednesday that a regional Ukrainian website had been hacked and used to distribute the ransomware to visitors.
Kaspersky estimated that there had been more than 2,000 attacks, linked to a version of malware called Petya — 60 percent of them in Ukraine and 30 percent in Russia, including the country’s largest oil company.
But Kremlin spokesman Dmitry Peskov said “no serious problems” had occurred as a result of the cyberattacks. Speaking on a conference call Wednesday, Peskov also said he had no accurate information on the origin of the attacks.
But the damage was worst in Ukraine, and some Ukrainian officials had initially expressed suspicions that the attacks originated in Russia. The hacks targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, demanding ransoms from government employees in the cryptocurrency bitcoin.
The virus even downed systems at the site of the former Chernobyl nuclear power plant, forcing scientists to monitor radiation levels manually.
On Wednesday, Danish shipping giant A.P. MollerMaersk said it was working to restore its operations a day after being hit by the cyberattack.
“We have contained the issue and are working on a technical recovery plan with key IT partners and global cyber security agencies,” Maersk, which handles one in every seven containers shipped world wide, said in a stock exchange announcement.
The Copenhagen- based group said its APM Terminals were affected “in a number of ports” but said its vessels with Maersk Line were “maneuverable, able to communicate and crews are safe.”
M.K. Sirkar, a manager at the Jawaharlal Nehru Port Trust in Mumbai, India, said no containers could be loaded or unloaded Wednesday at the terminal operated by Maersk.
Logistics firm FedEx said deliveries by its TNT Express subsidiary were been “slowed” by the cyberattack, which had “significantly affected” its systems.
Cyberattacks also spread as far as the United States, where the pharmaceutical giant Merck reported on Twitter that “our company’s computer network was compromised today as part of global hack.” The New Jersey-based company said it was investigating the attack.
France’s biggest bank, BNP Paribas, said Wednesday that its real estate unit, which provides services to corporations around Europe, had been hit in the attack.
“The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack,” the bank said in a statement to Reuters on Wednesday.
Cyber researchers said the virus used an “exploit” developed by the National Security Agency that was later leaked onto the Internet by hackers. It is the second widespread attack in the past two months to use powerful U.S. exploits in attacks against the information technology infrastructure that supports national governments and corporations.
The onslaught of ransomware attacks may be the “new normal,” said Mark Graff, the chief executive of Tellagraff, a cybersecurity company.
“The emergence of Petya and WannaCry really points out the need for a response plan and a policy on what companies are going to do about ransomware,” he said. WannaCry was the ransomware used in the May attack. “You won’t want to make that decision at a time of panic, in a cloud of emotion.”
The attack mainly targeted eastern Europe but also hit companies in Spain, Denmark, Norway and Britain. Victims included the British advertising and marketing multinational WPP.
The scale of the hacks and the use of ransomware recalled the cyberattack in May, in which hackers possibly linked to North Korea disabled computers in more than 150 nations using a flaw that was once incorporated into the National Security Agency’s surveillance tool kit.
Cyber researchers have tied the vulnerability exploited by the virus to the one used by WannaCry — a weakness discovered by the NSA years ago that the agency turned into a hacking tool dubbed EternalBlue.
Suspicions were further heightened by the re-emergence of the mysterious Shadow Brokers group of hackers, whose dramatic leak of powerful NSA tools helped power Tuesday’s outbreak, as it did a previous ransomware explosion last month that was dubbed WannaCry.
Information for this article was contributed by David Filipov, Andrew Roth, Ellen Nakashima, Isaac Stanley- Becker, Hamza Shaban and Julie Tate of The Washington Post and by Raphael Satter and Frank Bajak of The Associated Press