A cyber-attack Tuesday that hit companies across the world is similar to a ransom ware attack last month that targeted hospitals in Britain, although the most recent hack was potentially “more sophisticated,” according to the European police agency. Europol director Rob Wainwright called the hack “another serious ransom ware attack.” He said it bore resemblances to the previous “WannaCry” hack, but also showed indications of a “more sophisticated attack capability intended to exploit a range of vulnerabilities.” The WannaCry hack sent a wave of crippling ransom ware to hospitals across Britain in May, causing the hospitals to divert ambulances and cancel surgeries. Researchers eventually found a way to thwart the hack, but only after around 300 people had already paid the ransom. The cyber attack Tuesday caused disruptions at companies in 64 different countries, including America's Merck pharmaceutical company, Russia's Rosneft oil giant, British advertising agency WPP and French industrial group Saint-Gobain. It also disrupted operations Wednesday at India's largest container port, adding to the headaches of governments and businesses affected by so-called ransom ware code that takes a user's data hostage until the victim agrees to pay for its release. The problems at Jawaharlal Nehru Port in Mumbai involved a terminal run by Danish shipping outfit A.P. Moller-Maersk.
From Europe to US
The company had said Tuesday as the attack was spreading largely in Europe and the United States that the malicious code was affecting terminals “in a number of ports.” Australia's Cyber Security Minister Dan Tehan told reporters Wednesday that officials have not yet confirmed the same computer virus was responsible for ransom ware attacks on two Australian companies, but that “all indications would point to” that being the case. Banks, government offices and airports in Ukraine were among the first to report the cyber attack. A U.S. National Security Council spokesman said the Department of Homeland Security, the FBI and other agencies are “working with public and private, domestic and international partners to respond to this event and provide technical information for prevention and remediation.” “Individuals and organizations are discouraged from paying the ransom as this does not guarantee access will be restored,” the spokesman added. Europol's European Cybercrime Center has told anyone affected by Tuesday's attack to report the crime to national police, and encouraged them not to pay any ransom requested by hackers.
Eternal Blue
The computer virus used in the attack includes code known as Eternal Blue, a tool developed by the NSA that exploited Microsoft's Windows operating system and which was published on the internet in April by a group called Shadowbrokers. Microsoft released a patch in March to protect systems from that vulnerability. Tim Rawlins, director of the Britain-based cyber security consultancy NCC Group, says these attacks continue to happen because people have not been keeping up with effectively patching their computers. “This is a repeat WannaCry type of outbreak and it really comes down to the fact that people are not focusing on what they should be focusing on, the very simple premise of patching your systems,” Rawlins told VOA.
Via VOA News
