The wave of cyberattacks hitting Europe and North America is similar to last month’s WannaCry ransomware havoc, but appears potentially “more sophisticated”, the European police agency said on Wednesday (June 28).
A Moscow-based cyber security firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting victims in the Russian Federation and Ukraine.
“There are clear similarities with the WannaCry attack, but also indications of a more sophisticated attack capability, meant to exploit a range of vulnerabilities”, Wainwright said in a statement.
More than 30 victims paid up but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.
This particular variant of ransomware leaves a message with a contact email; several messages sent to the address were not immediately returned.
Among the companies reporting problems were global shipping firm Maersk, British advertising giant WPP, French industrial group Saint-Gobain and United States pharmaceutical group Merck.
Europol’s executive director Rob Wainwright said, “This is another serious ransomware attack with global impact, although the number of victims is not yet known”.
“My sense is this starts to look like a state operating through a proxy ... as a kind of experiment to see what happens”, Lord told Reuters on Wednesday.
“The information system has undergone an attack, the main production continues to operate, there are no threats to the safety of enterprises and employees”, the company said.
Production at the Cadbury factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.
To spread across devices, Petya utilises exactly the same vulnerability used in WannaCry, patched by Microsoft in March 2017.
A new, highly virulent strain of malicious software that is crippling computers globally appears to have been sown in Ukraine, where it badly hobbled much of the government and private sector on the eve of a holiday celebrating a post-Soviet constitution.
According to anti-virus vendor ESET, 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.
The threat does not have “a known, viable external spreading mechanism – such as the Internet”, so “it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MEDoc”, according to Williams.
In a Facebook post, MEDoc confirmed it had been hacked but denied responsibility for originating the attack.
India’s government on Wednesday said operations at a terminal at the country’s largest container port in Mumbai, run by Maersk, were disrupted.
But no proof of the attack was presented, and Russian companies, like the oil giant Rosneft, also complained of being hit by a “powerful hacking attack”.
Backup and recovery measures only work after an attack, and cost organisations in downtime and IT resources dealing with the attack and aftermath, he added.
The Copenhagen-based group said its APM Terminals were affected “in a number of ports”, but said that its vessels with Maersk Line were “maneuverable, able to communicate and crews are safe”.