Cyberattack hits Europe
Ransomware spreads more slowly in U.S.
PARIS — A new and highly virulent outbreak of datascrambling software — apparently sown in Ukraine — caused disruption across the world Tuesday. Following a similar attack in May, the fresh cyberassault paralyzed some hospitals, government offices and major multinational corporations in a dramatic demonstration of how easily malicious programs can bring daily life to a halt.
Ukraine and Russia appeared hardest hit by the new strain of ransomware — malicious software that locks up computer files with all-but-unbreakable encryption and then demands a ransom for its release. In the United States, the malware affected companies such as the drugmaker Merck and Mondelez International, the owner of food brands such as Oreo and Nabisco.
Its pace appeared to slow as the day wore on, in part because the malware appeared to require direct contact between computer networks, a factor that may have limited its spread in regions with fewer connections to Ukraine.
The malware’s origins remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using U.S. taxpayer-funded tools.
“The virus is spreading all over Europe and I’m afraid it can harm the whole world,” said Victor Zhora, the chief executive of Infosafe IT in Kiev, where reports of the malicious software first emerged early afternoon local time Tuesday.
The virus hit the radiationmonitoring at Ukraine’ s shuttered Chernobyl power plant, site of the world’s worst nuclear accident, forcing it into manual operation.
In the U.S, two hospitals in western Pennsylvania were hit; patients reported on social media that some surgeries had to be rescheduled. A spokeswoman for Heritage Valley Health System would say only that operational changes had to be made.
Security experts said Tuesday’s global cyberattack shares something in common with last month’s outbreak of ransomware, dubbed WannaCry. Both spread using digital lock picks originally created by the NSA and later published to the web by a stillmysterious group known as the Shadowbrokers.
The motives of those behind the malware remain unknown. Emails sent Tuesday to an address posted to the bottom of ransom demands went unreturned. That might be because the email provider hosting that address, Berlin-based Posteo, pulled the plug on the account before the infection became widely known.
In an email, a Posteo representative said it had blocked the email address “immediately” after learning that it was associated with ransomware.”