A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Risk-modeling firm Cyence said economic losses from this week's attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber-attacks that knock critical computer networks offline.
"When systems are down and can't generate revenue, that really gets the attention of executives and board members," said George Kurtz, chief executive of security software maker CrowdStrike. "This has heightened awareness of the need for resiliency and better security in networks."
The virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine. It infected machines of visitors to a local news site and computers downloading tainted updates of a popular tax accounting package, according to national police and cyber experts.
It shut down a cargo booking system at Danish shipping giant A.P. Moller-Maersk (MAERSKb.CO), causing congestion at some of the 76 ports around the world run by its APM Terminals subsidiary
Maersk said late on Wednesday that the system was back online: "Booking confirmation will take a little longer than usual but we are delighted to carry your cargo," it said via Twitter.
U.S. delivery firm FedEx said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China's Cofco.
The malicious code encrypted data on machines and demanded victims $300 ransoms for recovery, similar to the extortion tactic used in the global WannaCry ransomware attack in May.
Security experts said they believed that the goal was to disrupt computer systems across Ukraine, not extortion, saying the attack used powerful wiping software that made it impossible to recover lost data.
"It was a wiper disguised as ransomware. They had no intention of obtaining money from the attack," said Tom Kellermann, chief executive of Strategic Cyber Ventures.
Brian Lord, a former official with Britain's Government Communications Headquarters (GCHQ) who is now managing director at private security firm PGI Cyber, said he believed the campaign was an "experiment" in using ransomware to cause destruction.
"This starts to look like a state operating through a proxy," he said.
ETERNAL BLUE
The malware appeared to leverage code known as "Eternal Blue" believed to have been developed by the U.S. National Security Agency.
Eternal Blue was part of a trove of hacking tools stolen from the NSA and leaked online in April by a group that calls itself Shadow Brokers, which security researchers believe is linked to the Russian government.
That attack was noted by NSA critics, who say the agency puts the public at risk by keeping information about software vulnerabilities secret so that it can use them in cyber operations.
U.S. Representative Ted Lieu, a Democrat, on Wednesday called for the NSA to immediately disclose any information it may have about Eternal Blue that would help stop attacks.
“If the NSA has a kill switch for this new malware attack, the NSA should deploy it now,” Lieu wrote in a letter to NSA Director Mike Rogers.
The NSA did not respond to a request for comment and has not publicly acknowledged that it developed the hacking tools leaked by Shadow Brokers.
The target of the campaign appeared to be Ukraine, an enemy of Russia that has suffered two cyber-attacks on its power grid that it has blamed on Moscow.
ESET, a Slovakian cyber-security software firm, said 80 percent of the infections detected among its global customer base were in Ukraine, followed by Italy with about 10 percent.
Ukraine has repeatedly accused Moscow of orchestrating cyber attacks on its computer networks and infrastructure since Russia annexed Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the attack, which also struck Russian companies including oil giant Rosneft (ROSN.MM) and a steelmaker.
"Unfounded blanket accusations will not solve this problem," said Kremlin spokesman Dmitry Peskov.
Austria's government-backed Computer Emergency Response Team (CERT) said "a small number" of international firms appeared to be affected, with tens of thousands of computers taken down.
Microsoft, Cisco Systems Inc and Symantec Corp (SYMC.O) said they believed the first infections occurred in Ukraine when malware was transmitted to users of a tax software program.
Russian security firm Kaspersky said a news site for the Ukraine city of Bakhumut was also hacked and used to distribute the ransomware.
A number of the victims were international firms with have operations in Ukraine.
They include French construction materials company Saint Gobain (SGOB.PA), BNP Paribas Real Estate (BNPP.PA), and Mondelez International Inc (MDLZ.O), which owns Cadbury chocolate.
Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt late on Tuesday after computer systems went down.
Reuters
Thu Jun 29 2017
The virus, which researchers are calling GoldenEye or Petya, began its spread on Tuesday in Ukraine. - FILEpic
Lisa BLACKPINK beli rumah ‘tersorok’ di Beverly Hills, harga RM19 juta
Tidak ada yang mengejutkan apabila Lisa BLACKPINK telah menambah satu lagi aset berbentuk kediaman.
[TERKINI] Letusan Gunung Ruang: Indonesia keluar amaran tahap tertinggi
Pihak berkuasa Indonesia meningkatkan amaran keselamatan ke tahap tertinggi selepas Gunung Ruang yang meletus beberapa kali di Kepulauan Sangihe kelmarin, mengeluarkan asap setinggi lebih 1.6 kilometer (km) sehingga memaksa ratusan penduduk dipindahkan.
Mengenang sumbangan dan jasa Joseph Kurup
Pensyarah Kanan Universiti Malaysia Sabah, Dr Romzi Ationg berkongsi pandangan dan memperingati sumbangan dan jasa mendiang Joseph Kurup.
Ronaldo digantung dua perlawanan kerana berkelakuan ganas
Cristiano Ronaldo digantung dua perlawanan kerana menyiku lawan dan mengancam menyerang pengadil selepas Al Nassr tewas kepada Al Hilal.
PBAPP akan lepas air dari EMD jika Sungai Muda terus menyusut
PBAPP boleh melepaskan maksimum 600 juta liter air mentah sehari (JLH) dari EMD yang berfungsi sebagai sumber sokongan kemarau apabila Sungai Muda terus menyusut berikutan cuaca kering.
TikTok mulakan ujian untuk aplikasi perkongsian gambar dan teks
TikTok Notes akan memudahkan perkongsian perkembangan harian dengan lebih mudah dan kreatif menggunakannya.
Amir Hamzah ketuai delegasi Malaysia ke mesyuarat IMF, Bank Dunia di Washington
Amir Hamzah mengetuai delegasi Malaysia ke Washington, Amerika Syarikat bagi menghadiri Mesyuarat Musim Bunga IMF dan Kumpulan Bank Dunia.
Misi Flotila ke Gaza bermula hari ini
Seramai 20 aktivis Malaysia akan menyertai Misi Flotila ke Gaza yang dijangka berlepas pada Ahad ini di mana misi ini akan bermula di Istanbul Turki pada Khamis sebagai persediaan akhir dan dijangka berlepas ke Gaza nanti.
[TERKINI] Kerajaan setuju pertimbang salur peruntukan kepada wakil rakyat Pembangkang – Fadillah
Kerajaan Persekutuan bersetuju untuk mempertimbang penyaluran peruntukan kepada wakil rakyat pembangkang, kata Timbalan Perdana Menteri II Datuk Seri Fadillah Yusof.
Dalam satu kenyataan media pada Khamis, beliau yang juga Ketua Whip Kerajaan Perpaduan berkata, perkara itu dipersetujui dalam Mesyuarat Majlis Pimpinan Tertinggi Sekretariat Kerajaan Perpaduan di Putrajaya pada Rabu.
Dalam satu kenyataan media pada Khamis, beliau yang juga Ketua Whip Kerajaan Perpaduan berkata, perkara itu dipersetujui dalam Mesyuarat Majlis Pimpinan Tertinggi Sekretariat Kerajaan Perpaduan di Putrajaya pada Rabu.
Pekerja kilang belacan dituduh membunuh
Seorang pekerja kilang belacan didakwa di Mahkamah Majistret Teluk Intan atas tuduhan membunuh seorang lelaki, awal bulan ini.