Firms scramble to recover from wave of cyberattacks
Virus spread from Ukraine and Russia to US and computers worldwide
KIEV - Thousands of computer users across the globe scrambled yesterday to reboot after a wave of ransomware cyberattacks spread from Ukraine and Russia across Europe to the US.
The virus, which locked up files at companies and government agencies including the Chernobyl nuclear site and demanded a payment worth US$300 (S$415) - in virtual currency Bitcoin - appeared similar to the WannaCry ransomware that swept the world last month, hitting more than 200,000 users in more than 150 countries.
But the new attack appeared much smaller in scale, with global cybersecurity firm Kaspersky Lab estimating the number of victims at 2,000.
There was no immediate indication of who was responsible.
The virus, dubbed NotPetya by experts, is a variant of the Petya ransomware that first surfaced in March last year.
In Ukraine, which first reported issues and appeared most heavily hit, companies and critical infrastructure operators were still struggling to cope with the virus.
Employees at the Chernobyl nuclear site were continuing to use hand-held Geiger counters to measure the levels of radiation after the monitoring system was shut down by the hack.
Online arrivals and departures information for Kiev's Boryspil airport remained down, but its director said the hub was otherwise operating normally.
The attacks started on Tuesday at around 2pm Kiev time and spread to 80 companies in Ukraine and Russia, said cybersecurity company Group IB.
In Russia, major companies including the oil giant Rosneft said that they had suffered cyberattacks at roughly the same time.
Later, multinationals in Western Europe and the US reported that they too had been hit by the virus.
Among the companies reporting problems were global shipping firm Maersk, British advertising giant WPP, French industrial group Saint-Gobain and US pharmaceutical group Merck.
There was no clear indication of who was behind the attack. Some experts said it looked likely to be a criminal scam, while Ukraine suggested that its arch-rival Russia could have been behind the attack. - AFP
HOW IT WORKS
- It differs from typical ransomware in that it doesn't just encrypt files; it also overwrites and encrypts the master boot record on the hard drive. This renders the entire computer inoperable.
- Older legacy systems and critical infrastructure are particularly vulnerable to this attack.
- It appears that this ransomware uses current vulnerabilities similar to those exploited during the recent WannaCry attack.
- In the latest attack, a ransom note is displayed on infected machines, demanding that US$300 in bitcoins be paid to recover files.