Ransomware Reaches Asia-Pacific, Though Focus Remains on Europe


The global scope of the attack underlines the power of a cache of National Security Agency hacking tools that were leaked to the public. The new attack makes use of the same N.S.A. tools that were used during the WannaCry episode, along with two other methods to promote its spread, according to researchers at the computer security firm Symantec.

A fuller picture of the impact could still emerge in coming days. But local companies and government offices appeared less affected, notably in places like China, which were harder hit by the WannaCry outbreak in May. Reports from Asia suggested that many of the companies hit were the local arms of European and American companies struck on Tuesday.

So far, the cyberattacks have generated just over $9,000 in ransom payments, a figure that is likely to steadily rise over the coming days.

In Mumbai, the terminal that shut down was operated by A.P. Moller-Maersk, the Danish shipping giant, which said on Tuesday that it had been hit by the malware. In a statement, the Indian port authorities said they were taking steps to relieve congestion, such as finding places to park stranded cargo. The attack shut the terminal down on Tuesday afternoon.

On the Australian island of Tasmania, computers in a Cadbury chocolate factory owned by Mondelez International, the American food company, displayed the ransomware message, according to the local news media.

“We continue to work quickly to address the current global I.T. outage across Mondelez International and to contain any further exposure to our network,” said a spokeswoman for the company, adding that it was not clear when the company’s systems would be back up.

The virus also spread to the Australian branches of DLA Piper, a law firm with offices around the world. The law firm warned clients it was dealing with a “serious global cyber incident” and said it had taken down its communications as a precaution.

The Australian government urged companies to install security updates and isolate any infected computers from their main networks.

“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches,” said Dan Tehan, the minister for cybersecurity, who added that the Australian government was working to confirm whether two Australian businesses had been affected by the attack.

Asia most likely avoided major difficulties not because computers there are frequently updated, but because the attack itself targeted businesses in Ukraine, Russia and Poland, according to a post from the cybersecurity firm Kaspersky Lab. According to the report, Ukraine, Russia, Poland, Italy and Germany were the countries most affected by the attack.

Security researchers said that the attack originated in Ukraine, where the hackers had intended it to hit a day before the holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the former Soviet Union. More than 12,500 machines were targeted in the country, according to Microsoft, though the online attack quickly spread to 64 countries.

While law enforcement officials struggled to determine who had caused the hack, Microsoft said the assailants initially focused their illegal activities on supply-chain software run by M.E.Doc, a Ukrainian company specializing in tax accountancy. That attack then spread quickly throughout Ukraine, Russia and into other countries around the globe. In a Facebook post, M.E.Doc denied that it was the source of the attack.

“The rapid spread of the Petya ransomware is unfortunate yet unsurprising,” said Michela Menting, a cybersecurity expert at ABI Research in Geneva. “The WannaCry attack should have been a wake-up call for organizations worldwide.”

In China, where last month’s WannaCry attack had major effects, there were only scattered reports of the malware spreading. Qihoo 360, a Chinese computer security company, said far fewer companies and government offices were hit than by WannaCry. Without giving a specific total, Qihoo’s chief security engineer, Zheng Wenbin, said that the number of discrete incidences of the malware trying to infect a computer was only a tenth of what was seen during WannaCry.

“It’s not a widespread outbreak,” he said, adding that many of the affected networks in the country were associated with companies involved in international trade or transnational communications.

Across Asia many computers run outdated or pirated versions of Windows and are particularly vulnerable to malware. During the WannaCry attack, both India and China were hard hit because many computer systems had not been upgraded.

So unwilling are companies in China to pay for security software that Qihoo 360 uses a business model that offers free security software, and then makes money off advertising. The company used the newest attack as a marketing opportunity: It said it was offering a worldwide anti-ransomware service, and if it failed to stop an attack, it would pay the ransom.

Experts caution that paying the ransom may not help restore the computer.
