New Cyberattack Freezes Computers Across The Globe Jun 27, 2017

A screen of an idle virus affected cash machine in a state-run OshchadBank says 'Sorry for inconvenience/Under repair' in Kiev, Ukraine, Wednesday, June 28, 2017. The cyberattack ransomware that has paralyzed computers across the world hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets.

New Cyberattack Freezes Computers Across The Globe Jun 27 2017 Date

(AP Photo/Efrem Lukatsky) Companies and governments around the world on Wednesday counted the cost of a software epidemic that has disrupted ports, hospitals and banks. Logistics firm FedEx says deliveries by its TNT Express subsidiary have been 'slowed' by the cyberattack, which had 'significantly affected' its systems. Ports operated by the Danish shipping giant A.P. Moller-Maersk are still crippled. An Alabama port official, James K. Lyons, said crews at Maersk's APM terminal in Mobile, Alabama, have been loading and unloading containers in manual mode, without the normal computerized coordination. The company's operations were shuttered in Mumbai, India, Port Elizabeth, New Jersey, and Los Angeles, among others.

In a statement, Moller-Maersk acknowledged that its APM Terminals had been 'impacted in a number of ports' and that an undisclosed number of systems were shut down 'to contain the issue.' The company declined to provide further detail or make an official available for an interview. Ukraine, which was hardest hit and where the attack likely originated, said it had secured critical state assets—though everyday life remained affected, with cash machines out of order and airport displays operating manually. Airport employees work use a laptop computer at Boryspil airport in Kiev, Ukraine, Tuesday, June 27, 2017. A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across Europe, hitting Ukraine especially hard, with company and government officials reporting serious intrusions at the Ukrainian power grid, banks and government offices. (AP Photo/Sergei Chuzavkov) As the impact of the cyberattack that erupted Tuesday was still being measured at offices, loading docks and boardrooms, the Ukrainian Cabinet said that 'all strategic assets, including those involved in protecting state security, are working normally.' But that still left a large number of non-strategic assets—including dozens of banks and other institutions—fighting to get back online.

Cash machines in Kiev seen by an Associated Press photographer were still out of order Wednesday, and Ukrainian news reports said that flight information at the city's Boryspil airport was being provided in manual mode. A local cybersecurity expert discounted the Ukrainian government's assurances. 'Obviously they don't control the situation,' Victor Zhora of Infosafe in Kiev told the AP. At the very least, cybersecurity firms say thousands of computers worldwide have been struck by the malware, which goes by a variety of names, including ExPetr. People queue for their turn to pay at a slowly working cash desk in a building supermarket in Kiev, Ukraine, Wednesday, June 28, 2017. The cyberattack ransomware that has paralyzed computers across the world hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets. (AP Photo/Efrem Lukatsky) In Pennsylvania, lab and diagnostic services were closed at the satellite offices of the Heritage Valley Health System.

In Tasmania, an Australian official said a Cadbury chocolate factory had stopped production after computers there crashed. Other organizations affected include U.S. Drugmaker Merck, food and drinks company Mondelez International, global law firm DLA Piper, and London-based advertising group WPP. But most of the damage remains hidden away in corporate offices and industrial parks. As IT security workers turned their eye toward cleaning up the mess, others wondered at the attackers' motives. The attack has the telltale signs of ransomware, which scrambles a computer's data until a payment is made, but some experts believe this attack was less aimed at gathering money than at sending a message to Ukraine and its allies.

That hunch was buttressed by the way the malware appears to have been seeded using a rogue update to a piece of Ukrainian accounting software—suggesting an attacker focused on Ukrainian targets. And it comes on the anniversary of the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating a new constitution signed after the breakup of the Soviet Union. A woman passes by cash machines that do not work in a city supermarket in Kiev, Ukraine, Wednesday, June 28, 2017. The cyberattack ransomware that has paralyzed computers across the world hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets. (AP Photo/Efrem Lukatsky) 'The threat we're talking about looks like it was specially developed for Ukraine because that was the place it created most of the damage,' said Bogdan Botezatu, of Romanian security firm Bitdefender, calling it a case of 'national sabotage.' Suspicions were further heightened by the re-emergence of the mysterious Shadow Brokers group of hackers, whose dramatic leak of powerful NSA tools helped power Tuesday's outbreak, as it did a previous ransomware explosion last month that was dubbed WannaCry.

New Cyberattack Freezes Computers Across The Globe Jun 27 2017 Philippines

In a post published Wednesday, The Shadow Brokers made new threats, announced a new money-making scheme and made a boastful reference to the recent chaos. The malware didn't appear to make a lot of money for its creators.

A bitcoin wallet used to collect ransoms showed only about $10,000. And some analysts going through the malware's code said that the ransomware may not even operate as ransomware at all; victims' data appear to be hopelessly scrambled, rather than recoverable after the payment of ransom.

New Cyberattack Freezes Computers Across The Globe Jun 27 2017 2017

Matthieu Suiche, the founder of Dubai-based Comae Technologies, said the ransom demand was merely 'a mega-diversion.' In a blog post, he wrote that the code pointed not to criminals, but 'in fact a nation state attack.' Researchers at Kaspersky Lab echoed the findings, saying in a statement, 'Our analysis indicates there is little hope for victims to recover their data.' Explore further.

A global ransomware attack slammed businesses around the world Tuesday, affecting oil companies, a major shipping line, banks and a major U.S. Pharmaceutical company, and marking the second consecutive month that such an epidemic swept the world. Tuesday’s impact spanned from India to the United States, although it hit hardest in Ukraine and Russia. Like a previous attack that affected more than 150 countries on May 12, Tuesday’s virulent outbreak appeared to be powered by a U.S. Cyber weapon stolen from the National Security Agency. The epidemic used a variant of ransomware known as Petya, and it froze hard drives of tens of thousands of computers and left screen messages demanding that owners make a payment of $300 to unlock their data. While Ukraine and Russia were hardest hit, other countries that felt the impact included France, Spain, Denmark, Poland, Italy, Germany, Brazil, Turkey, India and the United States.

One of the largest health networks in western Pennsylvania, Heritage Valley Health System, said that a “cyber security incident” had but it wasn’t clear if the incident was linked to the Petya ransomware. A number of global companies reported damage. They included Rosneft, the Russian firm that is the world’s largest publicly traded oil company; the Danish shipping and energy giant A.P. Moller-Maersk; WPP, the British advertising giant, and France’s Saint Gobain construction materials company. The outbreak appeared to spread through an update sent by a financial software company, MeDoc, in Ukraine.

“Essentially what happened is MeDoc (big financial software) was hacked and they pushed out the malware via the update feature,” posted a security researcher, Marcus Hutchins, who is credited with finding and activating a “kill switch” that put a halt to the WannaCry epidemic in May. The cyberattack slowed operations at Boryspyl International Airport near Ukraine’s capital, Kyiv, and hit several major public sector enterprises, including the central bank, before dashing across borders. There may be delays in flights due to the situation. Yevhen Dykhne, director of Kyiv’s Boryspyl International Airport “Our IT services are working together to resolve the situation. There may be delays in flights due to the situation,” airport director Yevhen Dykhne said in a statement. The radiation monitoring system at the ruins of the Chernobyl nuclear plant, site of a catastrophic nuclear accident in Ukraine in 1986, was affected by the cyberattack, the French news agency AFP reported.

The Petya ransomware was an older criminal Trojan that had been given new life and a mechanism for self-replicating through a stolen NSA tool known as EternalBlue, said Nick Bilogorskiy, senior threat director at Cyphort, a Santa Clara, California, cybersecurity firm, in an emailed statement. The initial infection occurs when a recipient opens a malicious link, he said, which then encrypts the computer’s master file. A massive hacker attack has hit the servers of the Company. We hope it has no relation to the ongoing court procedures.— Rosneft (@RosneftEN) A global law firm with headquarters in London, DLA Piper, reported extensive problems. A sign outside its offices in Washington told employees upon entering: “Please remove all laptops from docking stations & keep turned off.No exceptions.” One cyber expert said the latest attack may be a harbinger of greater disruption ahead. “The sophistication and consequences of ransomware attacks have reached a new level.

The days are near where a cyber-attack can result in a total blackout and affect the lifeblood of society,” said Matthias Maier, security expert at Splunk, a San Francisco software company. The spread of the ransomware unfolded at alarming speed. One security researcher, Dave Kennedy of TrustedSec, a Strongsville, Ohio, firm, tweeted that Petya “spreads SUPER fast,” adding that he observed the ransomware hit 5,000 networks “in under 10 minutes.” Like the perpetrators of the May 12 WannaCry attack, those behind the Petya attack raised little money from the mayhem they were causing. By late afternoon, with a value of about $8,050. “That’s one of the headscratchers of this. If it’s done for criminal means, you’d think they be better criminals,” said, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, a think tank. “It could be that they are just really bad at creating malicious software or setting up criminal enterprises.” The utilized one of a handful of powerful cyber tools stolen from the NSA and leaked to the public in March by an underground group,.

The group contends it has many more tools that it will auction off to bidders. Some experts say epidemic, which they said hit 10 to 15 million computers worldwide.

The NSA has never confirmed the breach. Jonathan Pollet, founder of a Houston area industrial cybersecurity firm, said that a decade ago malware was usually constructed for a single purpose. But today, malicious code is more sophisticated and comprises tool sets that “are almost like lego bricks” and have multiple purposes.

The NSA EternalBlue tool is just one component, he said. For those angry that a government-created tool might fall into criminal hands and point back at the country of its creators, Pollet said there is little to be done. “You can’t sue a federal agency,” Pollet said. “There’s no recourse for this.”.