Even after all the WannaCry hoopla in May. US companies too!
The Petya ransomware attack infected over 2,000 computer systems across the world as of midday today, according to Kaspersky Lab, cited by Reuters. Russia and Ukraine were most affected. Other victims were in Britain, France, Germany, Italy, Poland, and the US. When China starts up its computers, it will suffer the consequences for not staying in bed.
The malware includes code known as “Eternal Blue,” which was also used in the WannaCry attack in May. Experts believe the code was purloined from the NSA. The ransomware encrypts hard drives of infected machines and then demands $300 in bitcoin in order for the user to regain access. Petya takes advantage of the same vulnerability in Windows as WannaCry.
But Microsoft released a patch to fix this vulnerability on March 14. Patched computers were not affected by WannaCry, and are not affected today. The Windows Malicious Software Removal Tool detects and removes the malware automatically during the updating process. But that update isn’t available for bootleg copies of Windows – hence China’s disproportionate problems with the attack in May.
And computers that are running legitimate versions of Windows but hadn’t been updated for whatever reason are vulnerable. Amazingly, when WannaCry hit, plenty of companies were mauled because some dude hadn’t updated their machines. Corporate and government networks were hit. You’d think after the hue and cry in May, all legit corporate systems would be updated, and bootleg copies of Windows would be replaced either by a legit copy of Windows or another operating system. But no. Rinse and repeat.
The first attacks were reported from Russia and Ukraine. And then it spread around the world. These are among the companies that reported having been hit:
Rosneft, the Russian state-owned oil company and one of the largest oil producers in the world, reported that its network suffered “serious consequences” due to the ransomware. But it was able to maintain oil production by switching to backup systems.
Russian banks suffered “computer attacks,” and in isolated cases computer networks were infected, according to the Central Bank. Home Credit, a consumer lender, had to shut down all branches.
Russian steelmaker Evraz said its computer network had been hacked, but steel output was not affected.
The Ukrainian government’s computer network went down, reported Deputy Prime Minister Pavlo Rozenko.
The International Airport in Kiev, Ukraine, was hit. “In connection with the irregular situation, some flight delays are possible,” Yevhen Dykhne said on Facebook, cited by Reuters.
Ukrainian banks reported disruptions to their operations, according to the National Bank of Ukraine.
Ukraine’s state power producer, a media company, and other firms, including subsidiaries of German operations (see below), were hit and forced to deal with disruptions.
The Ukrainian operations of Deutsche Post’s Express were hacked, the German postal and logistics company reported.
Metro’s wholesale stores in Ukraine were hit, the German discount retailer reported.
A.P. Moller-Maersk — Danish conglomerate that includes the largest container carrier in the world with a fleet of over 600 vessels, oil tankers, an oil and gas production business, and port and tug boat operations — reported that the ransomware attack caused an IT breakdown that impacted all its business units around the globe, including 17 of its container terminals.
TNT Express, the Netherlands-based shipping company, now a division of FedEx, said it was experiencing interference with some of its systems due to the ransomware.
UK-based WPP, the world’s largest advertising agency, reported that several of its agencies were hacked. A WPP employee who asked not to be named told Reuters that workers were told to shut down their computers: “The building has come to a standstill.” At 7 PM Pacific Time, when I last checked its website, a placeholder said the site was “currently unavailable due to important routine maintenance.” The placeholder has been in place for hours.
Heritage Valley Health System in Western Pennsylvania had to shut down its entire computer network following the cyber-attack, according to local media reports, cited by Reuters.
Merck & Co, US pharmaceutical company, tweeted that its “computer network was compromised today as part of global hack. Other organizations have also been affected.” Adding, “We are investigating the matter and will provide additional information as we learn more.” A high-tech pharmaceutical company!
French construction materials company Saint Gobain said it too had become a victim and had isolated its computer systems to protect data.
The Royal Canin pet food division of US-based Mars Inc. has been hit. A spokeswoman for the company said that the infection has been isolated.
US snack company Mondelez International (Oreos, Toblerone, Newtons, Premium and Ritz crackers, etc.) said employees in different regions were experiencing technical problems, but that it was unclear whether this was due to ransomware.
India-based operations of German personal-care company Beiersdorf (Nivea skin care products) were impacted by the hack, India-based employees told Reuters.
India-based operations of UK consumer goods company Reckitt Benckiser (Lysol, Enfamil infant formula, Dettol soap) were hacked, according to India-based employees.
An unnamed international company in Norway has been infected with the ransomware, Norway’s national security authority reported.
These are big sophisticated companies, many of them with global operations, and therefore with global IT networks, not mom-and-pop operations. And yet the Windows machines in their networks hadn’t been updated and had remained vulnerable, or were using bootleg copies of Windows that couldn’t be updated, even after all the hoopla in May about this vulnerability. Just sitting here and shaking my head.
In May, about 40,000 Chinese institutions were hit by the WannaCry ransomware attack – more than in any other country. Why? Read… Hotbed of Bootleg Software, China Gets Hit Most by WannaCry