A major global cyber attack dubbed “GoldenEye” or “Petya” has caused mass disruption in Europe and the United States.
Computers at Russia’s biggest oil company had been affected, along with Ukrainian banks and multinational firms, by a virus similar to the ransomware that last month infected more than 300,000 computers.
The attack underscores growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.
“Cyber attacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do to fix the problem.
* UK Parliament targeted in cyber attack
* Global cyber attack similar to North Korean hacks
* How to protect yourself from global ransomware attack
* CERT NZ receives ‘unconfirmed’ reports WannaCry in NZ
* Worse cyber attacks to come
* No NZ reports yet of cyber attack Petya Ransomware
The ransomware virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded US$300 in bitcoin payments to restore access.
Analysis of the Bitcoin wallet listed on the ransom demand shows that at least some victims have paid up in order to unlock their files, but many experts are now advising users and businesses against sending the money. Berlin-based email provider Posteo says it has disabled the email address attackers were using to receive the Bitcoins, meaning they may now have no way of restoring encrypted files to their victims.
It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the U.S. National Security Agency and was also used in last month’s ransomware attack, named “WannaCry.”
Victims could have protected themselves from attack by updating computers with security patches from Microsoft and configuring their networks to stop viruses targeting a widely used Windows networking protocol, said Symantec Corp researcher Eric Chien.
“This shouldn’t be that big a deal because people should have already patched,” he said.
Some 2000 attacks were observed as of midday in New York on Tuesday (Wednesday NZT), according to Kaspersky Lab. Russia and Ukraine were most affected, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States, the security software maker said.
Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.
Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.
A Microsoft spokesman said the company was investigating the attacks.
The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.
The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.
Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.
‘DON’T WASTE YOUR TIME’
The first attacks were reported from Russia and Ukraine.
Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences,” but added oil production had not been affected because it switched over to backup systems.
Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network went down and the central bank reported disruption to operations at banks and firms including the state power distributor.
Danish shipping giant AP Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.
WPP, the world’s largest advertising agency, said it was also infected. A WPP employee who asked not to be named said that workers were told to shut down their computers: “The building has come to a standstill.”
A Ukrainian media company said its computers were blocked and it was asked to pay US$300 in the crypto-currency bitcoin to regain access.
“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted on Ukraine’s Channel 24.
Russia’s central bank said there were isolated cases of lenders’ IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.
In Australia, local arms of international companies that have been affected are scrambling to stop the infection spreading.
Other companies that identified themselves as victims included French construction materials firm Saint Gobain , US drugmaker Merck & Co and Mars Inc’s Royal Canin pet food business.
India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had impacted some of their systems in the country.
The BBC is reporting that even the Chernobyl nuclear power plant has been hit, with staff being forced to monitor radiation levels manually after the computers that run the plant’s sensors were impacted.
Last’s month’s fast-spreading WannaCry ransomware attack was crippled after a 22-year-old British security researcher Marcus Hutchins created a so-called “kill-switch” that experts hailed as the decisive step in slowing the attack.
Security experts said they did not believe that the ransomware released on Tuesday had a kill switch, meaning that it might be harder to stop.
Cyber intelligence firm Flashpoint said it believed the outbreak began in Ukraine, where attackers loaded the ransomware onto computers when they requested updates of a widely used accounting software program.
An adviser to Ukraine’s interior minister said earlier in the day that the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.
According to the state security agency, the emails contained infected Word documents or PDF files as attachments.