Houston Chronicle

Cyberattack spreads across globe to the U.S.

Ukrainian government hit first; assault may have been intended to land day before a national holiday

- By Mark Scott and Nicole Perlroth NEW YORK TIMES

A new and virulent outbreak of data-scrambling software causes disruption across the world, paralyzing some hospitals, government offices and corporations.

Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was like a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, ATMs stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States, were scrambling to respond.

It was unclear who was behind this cyberattack, and the extent of its effect was still hard to gauge Tuesday.

It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first constitution after breaking away from the Soviet Union. It spread from there, causing collateral damage around the world.

This outbreak is the latest and perhaps the most sophisticated in a series of attacks that make use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same NSA hacking tool, Eternal Blue, that was used in the WannaCry incident and two other methods to promote its spread, according to researchers at the computer security company Symantec.

The NSA has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The NSA needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark, N.J.-based conglomerate hit by a separate attack in April that used NSA hacking tools. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president of security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday, even those who used the Microsoft patch could be vulnerable, according to researchers at F-Secure, the Finnish cybersecurity firm.

A Microsoft spokesman said the company’s latest anti-virus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, though Russian companies were also affected. Home Credit bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, DLA Piper, the multinational law firm, also reported being hit. Hospitals in Pennsylvania were being forced to cancel surgeries after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

A spokesman for the NSA referred questions about the attack to the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyberpartners,” Scott McConnell, spokesman for DHS, said in a statement.

Computer specialists said the ransomware was very similar to a virus that first emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf.”

“The NSA needs to take a leadership role ... to address the plague that they’ve unleashed.” Golan Ben-Oni, global chief information officer at IDT

Photo (AFP / Getty Images): Drug giant Merck has become the first U.S. company hit by the global cyberattack.
