Worldwide ransomware attack raises worries over future assaults
Governments and organizations around the world grappled on Wednesday to contain a cyberattack that struck parts of Europe, the U.S. and Asia, the second time in two months that hackers have tried to shake down computer users, threatening to delete their data unless they paid up.
The global cyberattack, which began and was most prevalent in Ukraine, has raised concerns that similar attempts will become more widespread as hackers mimic the techniques.
Experts said that the most recent attack was less severe than a similar hacking in May, when software called WannaCry introduced the term “ransomware” to much of the world. The attack forced the closing of hospitals in Britain, and it disrupted other vital infrastructure, mostly in Europe.
Yet as law enforcement, governments and companies from the United States to India assessed the damage of the new attack, many cautioned that people should be prepared for such events to become a regular danger as criminals worldwide look to take advantage of vulnerabilities in organizations’ digital infrastructure.
“It’s pretty clear that this attack was inspired by WannaCry,” said Gavin O’Gorman, an intelligence analyst at Symantec, a cybersecurity company. “We’ll likely see more of these types of attacks in the future.”
Like the WannaCry attack last month, computers struck by the virus displayed a message that their data had been encrypted and demanded a ransom — in this case, $300 — to decrypt it. Experts initially said the malware that began to strike computers on Tuesday was similar to a virus called Petya, first identified last year. But Kaspersky Lab, a cybersecurity company based in Moscow, later said that it was a type of ransomware that had never been seen before.
The scope of the attack underlines the power of a cache of National Security Agency hacking tools that were leaked. Hackers made use of the same NSA tools that were used during the WannaCry episode, along with two other methods to promote its spread, according to Symantec.
The reason the cyberattack was less widespread was not immediately clear, though experts expressed doubt that the world had learned its lesson and prepared properly. So far, the hacking has generated more than $10,000 in ransom payments, a figure that is likely to rise.
Security researchers said the attack originated in Ukraine, seemingly timed to hit a day before a holiday marking the adoption in 1996 of Ukraine’s first constitution. Over 12,500 machines in the country were targeted, according to Microsoft, though the online attack quickly spread to 64 other countries.
While law enforcement officials struggled to determine who was behind the attack, Microsoft said the assailants initially focused on supply-chain software run by M.E.Doc, a Ukrainian company specializing in tax accountancy. In a Facebook post, M.E.Doc denied that it was the source of the attack.