KIEV — Thousands of computer users across the globe scrambled to reboot on Wednesday as calls grew to step up defenses after a fresh wave of ransomware cyberattacks spread from Ukraine and Russia worldwide.
The virus, which demanded a payment worth $300 as it locked up files at companies and government agencies including the Chernobyl nuclear site, was reminiscent of the WannaCry ransomware that swept the world last month, hitting more than 200,000 users in more than 150 countries.
But the new attack appeared much smaller in scale, with global cybersecurity firm Kaspersky Lab estimating the number of victims at 2,000. There was no immediate indication of who was responsible.
The director of European police agency Europol, Rob Wainwright, said there were "clear similarities" with the WannaCry incident but warned that there were also "indications of a more sophisticated attack capability intended to exploit a range of vulnerabilities".
Some IT specialists identified the newcomer as "Petrwrap", a modified version of ransomware called Petya which circulated last year. But Kaspersky described it as a new form of ransomware.
And after a fresh cyberattack challenged security worldwide for the second time in just a few months there were international demands for greater focus on battling the issue.
NATO chief Jens Stoltenberg said the situation "underlines the importance of strengthening our cyber defenses" as he warned hacking attacks could potentially trigger the US-led bloc's mutual defense commitment.
Meanwhile, Kremlin spokesman Dmitry Peskov said the incident proves Russian demands for "cooperation" were justified as "no country can now effectively deal with the cyber-threat alone".
In Ukraine, where the attacks were first reported and appeared most severe, the government said the attack had been halted by Wednesday morning, but key organizations were still reporting problems.
"The large-scale cyberattack on corporate and government networks that happened yesterday on June 27 has been stopped," the government said in a statement.
"The situation is under the complete control of cybersecurity experts and they are now working on recovering lost data," it said, adding that all "strategic enterprises" were functioning as normal.
Despite the assurances, employees at the Chernobyl nuclear site were continuing to use hand-held Geiger counters to measure radiation levels after the monitoring system was shut down by the hack.
Online arrivals and departures information for Kiev's main Boryspil airport also remained down, but its director said the hub was otherwise fully operational. Meanwhile, systems at the major lender Oschadbank still appeared crippled, while a delivery service and energy supplier said they were also facing some difficulties.
The attacks started Tuesday at around 2:00 p.m. in Kiev (1100 GMT) and quickly spread to about 80 companies in Ukraine and Russia, said cybersecurity company Group IB. In Russia, major companies including the oil giant Rosneft said they had suffered cyberattacks at roughly the same time.
Later, multinationals in Western Europe and the United States reported that they too had been hit by the virus. Among the companies reporting problems were global shipping firm Maersk, British advertising giant WPP, French industrial group Saint-Gobain and US pharmaceutical group Merck.
India's government said operations at a terminal at the country's largest container port in Mumbai, run by Maersk, were disrupted. In the Netherlands one of Europe's largest container terminals at Rotterdam was forced to switch to manual operations Wednesday due to the attack.
US delivery firm FedEx Corp said its TNT Express division had been significantly affected by the virus, which also wormed its way into South America, affecting ports in Argentina operated by China's Cofco.
Security specialists said the cyberattacks on Tuesday exploited an already patched vulnerability in Windows software and appeared to have focused on Ukraine as a primary target.
The malware that, once in a computer, locked away data from users who were then told to pay, bore resemblances to the recent WannaCry attack. US software titan Microsoft also called the latest virus ransomware.
"Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010)," a Microsoft spokesperson told AFP.
After the WannaCry scourge in May, Microsoft urged users to protect machines with the MS17-010 patch. The flaw — and the means to exploit it — had previously been disclosed in pirated documents about cyberweapons at the US National Security Agency.
Meanwhile, Danish shipping mammoth Maersk said Wednesday it had shut down some of its computer systems after a global cyberattack disrupted operations at its terminals and hindered it from taking new orders.
A number of Maersk's 76 container terminals were affected and were forced to run on manual systems, AP Moller Maersk chief operating officer Vincent Clerc told AFP, refusing to specify which terminals were impacted because of the "fluidity of the situation."
"Some terminals that were down this morning are now up and running," Clerc said. Maersk's two terminals in Rotterdam, Europe's biggest port, were however "still affected" on Wednesday, Clerc said.
India's shipping ministry said meanwhile a terminal run by Maersk at the Mumbai port, the largest in India, was also affected. While the systems are down, "we have to manage on a manual basis... It's difficult for people in the terminals to tell the people on the ground — the longshoremen — which containers to unload," Clerc said.
A spokesman for APM Terminals in Rotterdam, Tom Boyd, said the manual process was tough work. "Today we are handling 4,500 containers. It's more labor extensive, but we are making it work. We are communicating with our customers through gmail and other things because the IT system is down," he told AFP. — AFP
