A United States health system has had two hospitals and its care facilities knocked offline, and pharmaceutical giant Merck confirmed on Twitter it had been infected in the latest ransomware attack spreading globally.
Hardest-hit Ukraine saw the malware dubbed NotPetya shut down systems in the country’s government agencies, central bank, state telecom company, local transport networks, power companies and Kiev’s Boryspil Airport, while the virus’s reach took out Danish shipping megacorp AP Moller-Maersk, Russian oil conglomerate Rosneft and Spanish food conglomerate Mondelez.
Australian infections included health and hygiene consumer goods company Reckitt Benckiser, which produces Nurofen, Dettol and Durex. Courier company TNT Express was also affected, as were law firm DLA Piper and Cadbury’s Tasmanian chocolate factory, where production was halted at 9.30pm Tuesday.
The ransomware’s demand for $US300 in Bitcoin mimics WannaCry, the viral strain that caused chaos globally in May and knocked out over 20 per cent of the UK’s NHS trusts. However, this variant’s spread is generally contained to infected local networks and unlikely to cause the same levels of digital havoc, experts said.
Nonetheless, it is time organisations saw cybersecurity as a business priority, according to security expert at Decoded Chris Monk, who said simple patching would have prevented infection.
“What will it take for organisations to get a grip? The vulnerability that [this virus] is exploiting was patched in the same release that would have protected against Wannacry. It can be simply protected against by applying the patch. For large organisations this can be logistically challenging but it must become a priority – not just an IT priority but a strategic priority,” Monk said.
Cybersecurity company Kaspersky’s cyberattack map, using data derived from its anti-virus systems, shows Australia’s infection rate is 1/5 lower than that registered at the time of WannaCry’s release. But Adjunct Professor at the University of Canberra’s Centre for Internet Safety Nigel Phair said we are unlikely to know if any healthcare organisations have been hit: “most organisations won't put their hand up to tell anyone.”
With cyber attacks growing as a risk factor for organisations, especially those that handle private information, prevention is an obligation.
“What is key is that Australian organisations, including those in the health sector, start putting more thinking and resources into good information security practices. Specifically to guard against this, is ensuring all systems are fully patched, end-users are fully educated and all key data is regularly backed up,” Phair said.
Special adviser to the Prime Minister on cyber security, Alastair MacGibbon, said today the WannaCry ransomware crisis was a wake-up call.
“We've always known this could happen. From a government point of view, our Computer Emergency Response Team will be reaching out to industry to make sure we're giving the right message,” MacGibbon said.
One message is that affected Australians should not pay any ransom.
“Our advice is you don't ever pay a criminal … There is no knowledge that they will actually unlock the system.”
However, spokesman for security firm Recorded Future, Andrei Barysevich, told the BBC ransomware attacks would not stop because they are lucrative for crooks online.
“A South Korean hosting firm just paid $1 million to get their data back and that’s a huge incentive. It's the biggest incentive you could offer to a cyber-criminal,” he said.
Security experts have claimed this latest malware was deployed onto possibly millions of computers by hackers infiltrating Ukrainian accounting software MeDoc, a claim the company has denied.
NotPetya uses a modified exploit from EternalBlue, a hacking tool produced by the US’s National Security Agency, which was leaked by hacker group Shadow Brokers earlier this year and was also used in the WannaCry attack.
Meanwhile, under-pressure Microsoft has announced that it will deploy artificial intelligence in next-generation antivirus software designed to protect its operating systems from the increasing scale and frequency of cyber attacks. The company said an upcoming update will harness machine learning to interpret data from the more than 100 million computers running Windows 10 and fend off future viruses.