A massive ransomware attack has hit businesses around the world, causing major companies to shut down their computer systems. Researchers are still investigating the software behind the attack, warning that it’s more sophisticated than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.
“WannaCry was a tremendous failure. It was a lot of noise, very little money, and everyone noticed it,” said Craig Williams, an expert at cybersecurity firm Cisco Talos. “What we’re seeing today is a much more intelligent worm.”
What does it do?
The ransomware infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
The email account associated with the ransomware has been blocked, so even if victims pay, they won’t get their files back.
Law enforcement and cybersecurity experts agree that victims should never pay ransoms for such attacks.
How does it spread?
Researchers say the ransomware virus is a worm that infects networks by moving from computer to computer.
It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft released a patch for the flaw in March, but not all companies have used it.
EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.
Who’s been hit?
Top international businesses headquartered in Europe and the U.S. have come under attack. They include Russian oil and gas giant Rosneft, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck and law firm DLA Piper. French retailer Auchan Group and the real estate division of BNP Paribas were also affected.
Ukrainian organizations took a particularly heavy blow. Banks, government offices, the postal service and Kiev’s metro system were experiencing problems, officials said. The ransomware also caused problems with the monitoring system of the Chernobyl nuclear power plant.
It’s not yet clear if companies in the Asia-Pacific region have been seriously affected.
Mondelez said its five manufacturing facilities in Australia and New Zealand had all been hit but some of them were still able to carry out limited production. And a Maersk facility for shipping containers in the Indian port city of Mumbai was shut down.
“There obviously are companies that will have been affected by this in Asia,” said Michael Gazeley, managing director of Hong Kong-based cybersecurity provider Network Box. “But the success levels are lower, as they’re attacking the same vulnerabilities as WannaCry.”
Am I vulnerable?
Regular consumers who have up-to-date Windows computers are safe from this attack, experts say. However, if there’s one out-of-date machine on a company’s network, it could infect other connected computers.
Where did it start?
Researchers are still figuring out exactly what happened. But Cisco Talos says one way the ransomware got into computer systems was through software in Ukraine, a country that was hit especially hard by the attacks.
A Ukrainian company called MeDoc sent out a compromised update to its tax software that contained the malware, infecting computers that were running it, said Williams, the security expert at Cisco Talos.
Ukrainian officials confirmed a possible link to MeDoc. But the company denied its software spread the infection, saying in a Facebook post that the update was sent out last week and was free of viruses.