Major cyberattack sweeps globe, cripples computers


A massive cyberattack that has locked up computers around the world continued to cause chaos on Wednesday, paralysing operations at multinationals, banks and government departments.

The rapidly-spreading virus, which hit Ukraine hardest on Tuesday, crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in the digital currency bitcoin to restore access.

The malicious software appeared to be a variant of an existing ransomware family known as Petya, which has also borrowed key features from a major ransomware attack in May, when a similar virus known as WannaCry or WannaCrypt spread to computers in more than 150 countries.


The malware used by the attackers is believed to be worse than in previous instances because users are not even able to start their computers.

Instead, they see only a message informing them that their locked-up computer is infected and telling them how to transfer the ransom payment to remove the block.

“WannaCry was simple, but effective. With this one, it’s a lot more complicated,” Gavin Millard, technical director at Tenable Network Security, a US-based cyber-security company specialising in spotting vulnerabilities in networks, told Al Jazeera.

“It’s got multiple methods of spreading, leveraging quite a few known vulnerabilities,” he added. “It is also locking systems, not just encrypting files.”

Global spread

Ukraine, which called the attack “unprecedented”, on Tuesday reported heavy disruption from the virus, with banks, companies and government agencies being affected.

But on Wednesday the Ukrainian government said the outbreak of malicious software had been contained. It said in a statement that the cyberattack had been stopped and the situation was now under “full control”.

Yet other entities around the world continued to have difficulty getting back online.

Shipping giant Maersk said the attack had caused outages at its computer systems across the world [Brendan McDermid/Reuters]

Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide and has a logistics unit in Ukraine, on Wednesday said it is not able to process new orders after being hit by the attack a day before. 

“Right now, at this hour, we’re not able to take new orders,” Maersk Line Chief Commercial Officer Vincent Clerc told the Reuters news agency.

BNP Paribas Real Estate, which provides property and investment management services, confirmed it had been hit but declined to specify how widely it had affected its business. It employed nearly 3,500 staff in 16 countries as of last year.


“The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack,” the bank told Reuters on Wednesday, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident.

Production at a Cadbury chocolate plant on the island state of Tasmania in Australia ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.

Russia’s Rosneft, one of the world’s biggest crude producers by volume, said on Tuesday its systems had suffered “serious consequences” but said oil production had not been affected because it switched over to backup systems.

In Austria, two international companies with seats in Vienna have been affected by this week’s attack, a spokesman of the federal criminal police agency said on Wednesday. 

In Switzerland, six companies were attacked, according to the national cybersecurity agency.

In the United States, the offices of the law firm DLA Piper were affected, as were US-based pharmaceuticals giant Merck and US food giant Mondelez, maker of Milka chocolate and Oreo cookies.

Disruptions were also reported in Asia. Operations at one of the terminals of India’s largest port in Mumbai were disrupted as a result of the global ransomware attack, India’s Shipping Ministry said.

The private terminal, one of three at the Jawaharlal Nehru Port Trust, was operated by Maersk. Containers were being cleared manually but the terminal was operating at a fraction of its capacity, a senior official at the port said.

Other groups affected include: Russian state oil company Bashneft, British advertising agency WPP and Dutch shipping company TNT Express. Several companies that reported problems Tuesday were still grappling with the attack on Wednesday.

Radiation monitoring at the Chernobyl nuclear facility had to be performed manually due to a related systems failure.

Source: Al Jazeera and news agencies