Cyberattack continues to clog up port systems, major networks
(Bloomberg) -- A cyberattack similar to WannaCry entered its second day, hitting businesses, port operators and government systems across the globe, with companies struggling to retake control of their networks.
A.P. Moller-Maersk A/S shut down systems across its operations to contain the cyberattack against its computer network, as it assesses the full impact. BNP Paribas SA’s non-banking Real Estate unit was also hit, while a number of WPP Plc companies continue to be affected by the cyberattack, Chief Executive Officer Martin Sorrell and John Seifert, CEO of the ad giant’s Ogilvy & Mather unit, said in memo to staff.
Hamburg-based Beiersdorf AG, the maker of Nivea and Labello lip balm, said its central office and all worldwide sites were affected.
The cyberattack began in Ukraine Tuesday, infecting computer networks and demanding $300 in cryptocurrency to unlock their systems. As of Midday Tuesday in North America, Kaspersky Lab analysts said about 2,000 users had been attacked, with organizations in Russia and Ukraine the most affected.
“Our portal is down and we are not able to take on new orders until we get it back up,” Maersk Line Chief Commercial Officer Vincent Clerc said by phone, declining to say when systems would return to normal. “We’re being very cautious to ensure that as we bring the applications back up, the attack is contained and rolled back. It limits the accessibility we have at the moment.”
A terminal operated by Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai, which is India’s biggest container port, was unable to load or unload shipments because of the attack. With the Gateway Terminal India facility unable to identify which shipment belongs to whom, the port is clearing cargo manually, Chairman Anil Diggikar said.
“With there being no global kill switch for this one, we’ll continue to see the numbers rise in different parts of the world as more vulnerable systems become more exposed,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington.
The attacks had a limited impact in Asia. While there were early signs the virus was starting to spread in China, no large-scale outbreak was detected, according to Zheng Wenbin, chief security engineer at Qihoo 360 Technology Co.
After the WannaCry outbreak earlier this year, ransomware is becoming a routine risk for businesses around the world. While banks and retailers have strengthened defenses against certain types of attacks, such as those targeting credit card data, many others are still catching up in building their defenses.
However, unlike traditional forms of ransomware, which often provide secure forms of payment in order to release control of networks, the new hack has seemingly concentrated on crippling systems, rather than obtaining a ransom. The email address posted on users’ locked screen, used by victims to receive decryption keys, was easily and swiftly shut down by the email provider.
"If it is a ransomware campaign to make money it doesn’t add up," Raj Samani, chief scientist at McAfee, a cybersecurity company owned by Intel Corp., said. He said there were many elements of the attack that made it look like the perpetrators did not actually care all that much about receiving payments.
Read more: A QuickTake Q&A on how ransomware works
Kremlin-controlled Rosneft, Russia’s largest crude producer, said it avoided “serious consequences” from the “hacker attack” by switching to a backup system for managing production processes, however some cash registers failed due to the attacks.
U.K. media company WPP’s website was knocked offline, and employees were told to turn off their computers and not use Wi-Fi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, was been shut down Tuesday, another person said, and workers Wednesday were encouraged to work from home and avoid logging into the central network.
Law firm DLA Piper took down its systems as a “precautionary measure,” meaning clients couldn’t contact its team by email or land-line, according to a notice on its website.
The most vulnerable places are “where the operators are a lot of the times at the mercy of manufacturers and providers of those technologies and there’s a long time between existence of a fix and implementation of a fix,” Woods said.
Maersk said its customers can’t use online booking tools and its internal systems are down. Diggikar said 75 Maersk group terminals were hit by the attack.
APM Terminals, owned by Maersk, at the Port of New York and New Jersey closed Tuesday “due to the extent of the system impact,” the Port said.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman declined to elaborate. Mondelez International Inc. said it was also experiencing a global IT outage and was looking into the cause. Merck & Co. Inc., based in Kenilworth, New Jersey, reported that its computer network was compromised due to the hack.
At BNP Paribas, the attack was stopped from spreading outside the property development and management unit, a spokeswoman for the French banking group said.
The strikes follow the global ransomware assault involving WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists demanded bitcoin from victims. Ransomware attacks have been soaring and the number of such incidents increased by 50 percent in 2016, according to Verizon Communications Inc.
The attack popped up in government systems in Kiev, then disabled operations at companies including Rosneft PJSC and the Chernobyl nuclear facility. More than 80 companies in Russia and Ukraine were initially affected, Moscow-based cybersecurity company Group-IB said Tuesday. The hack quickly spread through Europe and into the U.S.
Microsoft Corp., cybersecurity analysts, and Ukrainian police said the global hack could be traced to a Ukrainian accounting software producer.
“While this attack directly impacts IT systems, we must consider how the ransomware threat will evolve in the near future to also impact IoT devices and connected cars,” said Mark Hearn, who is director of Internet of Things security at Irdeto.
Analysts at Symantec Corp., have said the new virus -- initially branded Petya -- uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft’s Windows operating system.
--With assistance from Volodymyr Verbyany, Stepan Kravchenko, Gao Yuan, Kyunghee Park, Jeremy Kahn and Dhwani Pandya