A new cyberattack similar to WannaCry reached parts of Asia after hitting businesses, port operators and government systems in Europe, U.S. and South America.
A terminal operated by A.P. Moller-Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai which is India’s biggest container port, was unable to load or unload because of the attack. With the Gateway Terminal India facility unable to identify which shipment belongs to whom, the port is clearing cargo manually, Chairman Anil Diggikar said in a phone interview.
After wreaking havoc in Europe, the attackers behind the Petya virus have had a limited impact in Asia so far as they demand users pay $300 in cryptocurrency per infected computer to unlock their systems. About 2,000 users had been attacked as of midday Tuesday in North America, according to Kaspersky Lab analysts, with organizations in Russia and Ukraine the most affected.
“With there being no global kill switch for this one, we’ll continue to see the numbers rise in different parts of the world as more vulnerable systems become more exposed,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington.
There are signs the virus is starting to spread in China but no large-scale outbreak has been detected, according to Zheng Wenbin, chief security engineer at Qihoo 360 Technology Co.
After the WannaCry outbreak earlier this year, ransomware is becoming a routine risk for businesses around the world. While banks and retailers have strengthened defenses against certain types of attacks, such as those targeting credit card data, many others are still catching up in building their defenses.
The attack popped up in government systems in Kiev, then disabled operations at companies including Rosneft PJSC, advertiser WPP Plc and the Chernobyl nuclear facility. More than 80 companies in Russia and Ukraine were initially affected, Moscow-based cybersecurity company Group-IB said. The hack quickly spread from Russia and Ukraine, through Europe and into the U.S.
Kremlin-controlled Rosneft, Russia’s largest crude producer, said it avoided “serious consequences” from the “hacker attack” by switching to a backup system for managing production processes.
U.K. media company WPP’s website was knocked offline, and employees were told to turn off their computers and not use Wi-Fi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, has been shut down, another person said. Law firm DLA Piper took down its systems as a “precautionary measure,” meaning clients couldn’t contact its team by email or land-line, according to a notice on its website.
The most vulnerable places are “where the operators are a lot of the times at the mercy of manufacturers and providers of those technologies and there’s a long time between existence of a fix and implementation of a fix,” Woods said.
Maersk said its customers can’t use online booking tools and its internal systems are down. Diggikar said 75 Maersk group terminals were hit by the attack.
APM Terminals, owned by Maersk, experienced system issues at multiple terminals, including the Port of New York and New Jersey, the largest port on the U.S. East Coast, and Rotterdam in The Netherlands, Europe’s largest harbor. APM Terminals at the Port of New York and New Jersey will be closed for the rest of the day “due to the extent of the system impact,” the Port said.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman declined to elaborate. Mondelez International Inc. said it was also experiencing a global IT outage and was looking into the cause. Merck & Co. Inc., based in Kenilworth, New Jersey, reported that its computer network was compromised due to the hack.
The strikes follow the global ransomware assault involving WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists demanded bitcoin from victims. Ransomware attacks have been soaring and the number of such incidents increased by 50 percent in 2016, according to Verizon Communications Inc.
“While this attack directly impacts IT systems, we must consider how the ransomware threat will evolve in the near future to also impact IoT devices and connected cars,” said Mark Hearn, who is director of Internet of things security at Irdeto.
Analysts at Symantec Corp., have said the new Petya virus uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s Windows operating system.
The new virus has a fake Microsoft digital signature appended to it and the attack is spreading to many countries, Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.
The attack has hit Ukraine particularly hard and the intrusion is “the biggest in Ukraine’s history,” Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook. Kyivenergo, a Ukrainian utility, switched off all computers after the hack, while another power company, Ukrenergo, was also affected, the Interfax news service reported.