Daily Management Review

Researchers See 'Wannacry' Link As Another Cyber Attack Sweeps Globe


Researchers See 'Wannacry' Link As Another Cyber Attack Sweeps Globe
A virus similar to the ransomware that infected more than 300,000 computers last month impacted computers at Russia's biggest oil company, Ukrainian banks and multinational firms in a major global cyber attack.
In recent times, hackers have been increasingly aggressive and have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks and the growing concerns that businesses have failed to secure their networks was underscored by the rapidly spreading cyber extortion campaign, which began on Tuesday.
Even though the impact on companies and governments across the wider region appeared to be limited, the operations of several European companies were hit, including India's largest container port, as businesses in the Asia-Pacific region reported some disruptions on Wednesday.
Cyber security experts widely believe that a code known as "Eternal Blue" used in last month's ransomware attack, named "WannaCry" and was probably stolen from the U.S. National Security Agency (NSA) and was part of the latest ransomware virus.
"Cyber attacks can simply destroy us," said Kevin Johnson, chief executive of cyber security firm Secure Ideas. "Companies are just not doing what they are supposed to do to fix the problem."
The virus demanded $300 in bitcoin payments to restore access after it crippled computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files. According to a public ledger of transactions listed on blockchain.info, more than 30 victims paid into the bitcoin account associated with the attack.
A flaw that was patched in a security update in March could have been the path for the spread of the virus, Microsoft said.
"We are continuing to investigate and will take appropriate action to protect customers," a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.
Operations were disrupted at one of the three terminals of India's largest container port  - Jawaharlal Nehru Port (JNPT) in Mumbai.
Danish shipping giant AP Moller-Maersk, which also reported disruptions in Los Angeles, was incharge of operating the impacted terminal. The port has been trying to clear containers manually and is operating at about a third of its capacity, said JNPT chairman Anil Diggikar.
The ransomware attack had affected some of their systems, said Reckitt Benckiser and India-based employees at Beiersdorf, makers of Nivea skin care products.
A trade union official said a Cadbury chocolate factory was hit in Australia. After computer systems went down late on Tuesday, production ground to a halt at the Hobart factory on the island state of Tasmania.
Overnight staff in various regions were experiencing technical problems, Cadbury owner Mondelez International Inc said in a statement.
They had detected attacks in other Asia-Pacific countries but did not provide details, cybersecurity firms Kaspersky Lab and FireEye Inc said.
With victims spread across countries including Britain, France, Germany, Italy, Poland and the United States, according to Kaspersky Lab, globally, Russia and Ukraine were most affected by the thousands of attacks. The total number of attacks was unknown.
In order to protect them against attacks using Eternal Blue code, in the wake of the WannaCry ransom attack last month, because many computers had been patched with Windows updates, they expected the impact to be smaller than WannaCry, security experts said.
Still, Juniper Networks said in a blog post analysing the attack that because it makes computers unresponsive and unable to reboot, the attack could be more dangerous than traditional strains of ransomware.
malware code used in earlier ransomware campaigns known as "Petya" and "GoldenEye" could have been borrowed by the attack, researchers said.
Businesses and consumers were aggressively advised to make sure all their computers were updated with Microsoft patches to defend against the threat, following last month's attack, by governments, security firms and industrial groups.
It was monitoring the attacks and coordinating with other countries, said the U.S. Department of Homeland Security. Saying that doing so did not guarantee access would be restored, it advised victims not to pay the extortion.
There was currently no risk to public safety, the White House National Security Council said in a statement. It said that the United States was determined to hold those responsible accountable.
The North Korean government was behind WannaCry and Shadow Brokers is tied to the Russian government, several private security experts have said they believe. Both countries' governments deny charges they are involved in hacking.
The first attacks were reported from Russia and Ukraine.
oil production had not been affected because it switched over to backup systems even though its systems had suffered "serious consequences", said Russia's Rosneft, one of the world's biggest crude producers by volume.
the central bank reported disruption to operations at banks and firms, including the state power distributor and the government's computer network went down, said Ukrainian Deputy Prime Minister Pavlo Rozenko.
Its computers were blocked and had received the ransom demand, said a Ukrainian media company.
"Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service," the message said, according to a screenshot posted on Ukraine's Channel 24.