A cyber-attack Tuesday that hit companies across the world is similar to a ransomware attack last month that targeted hospitals in Britain, although the most recent hack was potentially “more sophisticated,” according to the European police agency.
Europol director Rob Wainwright called the hack “another serious ransomware attack.” He said it bore resemblances to the previous “WannaCry” hack, but also showed indications of a “more sophisticated attack capability intended to exploit a range of vulnerabilities.”
The WannaCry hack sent a wave of crippling ransomware to hospitals across Britain in May, causing the hospitals to divert ambulances and cancel surgeries. Researchers eventually found a way to thwart the hack, but only after around 300 people had already paid the ransom.
The cyberattack Tuesday caused disruptions at companies in 64 different countries, including America’s Merck pharmaceutical company, Russia’s Rosneft oil giant, British advertising agency WPP and French industrial group Saint-Gobain.
It also disrupted operations Wednesday at India’s largest container port, adding to the headaches of governments and businesses affected by so-called ransomware code that takes a user’s data hostage until the victim agrees to pay for its release.
The problems at Jawaharlal Nehru Port in Mumbai involved a terminal run by Danish shipping outfit A.P. Moller-Maersk.
From Europe to US
The company had said Tuesday as the attack was spreading largely in Europe and the United States that the malicious code was affecting terminals “in a number of ports.”
Australia’s Cyber Security Minister Dan Tehan told reporters Wednesday that officials have not yet confirmed the same computer virus was responsible for ransomware attacks on two Australian companies, but that “all indications would point to” that being the case.
Banks, government offices and airports in Ukraine were among the first to report the cyberattack.
A U.S. National Security Council spokesman said the Department of Homeland Security, the FBI and other agencies are “working with public and private, domestic and international partners to respond to this event and provide technical information for prevention and remediation.”
“Individuals and organizations are discouraged from paying the ransom as this does not guarantee access will be restored,” the spokesman added.
Europol’s European Cybercrime Center has told anyone affected by Tuesday’s attack to report the crime to national police, and encouraged them not to pay any ransom requested by hackers.
The computer virus used in the attack includes code known as Eternal Blue, a tool developed by the NSA that exploited Microsoft’s Windows operating system and which was published on the internet in April by a group called Shadowbrokers. Microsoft released a patch in March to protect systems from that vulnerability.
Tim Rawlins, director of the Britain-based cybersecurity consultancy NCC Group, says these attacks continue to happen because people have not been keeping up with effectively patching their computers.
“This is a repeat WannaCry type of outbreak and it really comes down to the fact that people are not focusing on what they should be focusing on, the very simple premise of patching your systems,” Rawlins told VOA.
Jeff Seldin and Victor Beattie contributed to this report.