NEW YORK (AP) — The Latest on a widespread cyberattack that is affecting companies and government systems:
The head of a top Ukranian cybersecurity firm says it’s too early to say if his country was singled out as the prime target but that its institutions, long a target of Russian hackers, may have been compromised through attrition.
Victor Zhora, CEO of Infosafe IT in Kiev, says he believes the ransomware, which attacks Microsoft operating systems from Windows XP to Windows 10, was previously seeded and time-activated.
“It seems the virus is spreading all over Europe and I’m afraid it can harm the whole world,” he said. Zhora’s firm did triage on a well-coordinated attack blamed on pro-Russian hackers that tried to thwart the country’s May 2014 election.
Zhora said the current ransomware, which propagates across networks, demands $300 in Bitcoin. He says it’s too early for official confirmation of the targets in Ukraine but local media are reporting ATMs and some gasoline distribution to filling stations have been affected.
Cyberattacks blamed on pro-Russia hackers have twice taken down sizeable portions of Ukraine’s power grid.
Created by NSA?
Security experts say Tuesday’s cyberattack shares something in common with last month’s WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.
Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization’s network. Other than that, the latest malware is different from WannaCry.
Organizations should be protected if they had installed a fix that Microsoft issued in March.
But Chris Wysopal, chief technology officer at the security firm Veracode, says that’s only the case if 100 percent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.
Wysopal says the attack seems to be hitting large industrial companies that “typically have a hard time patching all of their machines because so many systems simply cannot have down time.”
Organizations hit include the Russian oil company Rosneft and the Danish oil and shipping company AP Moller-Maersk.
Health care system attacked
A hospital and health care system based in western Pennsylvania says it is dealing with a widespread cyberattack.
A spokeswoman for Heritage Valley Health System says the attack Tuesday is affecting the organization’s entire health system and employees are working to ensure safe patient care continues.
Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia.
It wasn’t immediately clear if the cyberattack was related to the outbreak of malicious data-scrambling software that appears to be causing mass disruption across Europe Tuesday.
Merck compromised
The second-largest drugmaker in the United States is confirming it’s been affected by a cyberattack.
In a message sent using its verified Twitter account, Merck confirmed Tuesday that its computer network was “compromised” as part of a global attack.
Officials said the Kenilworth, New Jersey-based company was investigating the incident but provided no further details.
Merck has global locations including in Ukraine, where a new and highly virulent outbreak of malicious data-scrambling software causing mass disruption across Europe appeared to be hitting especially hard.
Transport hacks
Dutch-based transport company TNT Express, which was taken over last year by FedEx, also said Tuesday that it is suffering computer disruptions. Spokesman Cyrille Gibot says that “like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network. We are assessing the situation and are implementing remediation steps as quickly as possible and we regret any inconvenience to our customers.” He declined further comment.
