New computer virus disrupting world business more sophisticated than previous malware - Kaspersky
Record ID:
897239
- Title: New computer virus disrupting world business more sophisticated than previous malware - Kaspersky
- Date: 28th June 2017
- Summary: MOSCOW, RUSSIA (JUNE 28, 2017) (REUTERS) RUSSIAN SECURITY SOFTWARE MAKER KASPERSKY LAB OFFICES KASPERSKY OFFICES SIGN FOR KASPERSKY (SOUNDBITE) (Russian) HEAD OF ANTIVIRAL RESEARCH DEPARTMENT AT KASPERSKY, VYACHESLAV ZAKORZHEVSKY, SAYING: "We see that this virus uses some similar data as the Trojan Petya. But technically it is very different - that is its code and its poss
- Embargoed: 12th July 2017 19:53
- Keywords: Cyber attack hacking malware virus Petya Russia Ukraine WannaCry
- Location: MOSCOW, RUSSIA
- City: MOSCOW, RUSSIA
- Country: Russia
- Topics: Crime/Law/Justice
- Reuters ID: LVA0016N717PJ
- Aspect Ratio: 16:9
- Story Text: Russian security firm Kaspersky said on Wednesday (June 28) that a large-scale cyber virus that crippled thousands of computers across the world involved a new and more sophisticated malware.
The software security firm said its preliminary findings suggested it was not a variant of Petya ransomware, as suggested by some earlier reports, but a new ransomware that they called 'Ex-Petr'.
The cyber virus spread from Ukraine to wreak havoc around the globe a day earlier, crippling thousands of computers, disrupting ports from Mumbai to Los Angeles and halting production at a chocolate factory in Australia.
The virus is believed to have first taken hold in Ukraine where it silently infected computers after users downloaded a popular tax accounting package or visited a local news site, national police and international cyber experts said.
More than a day after it first struck, companies around the world were still wrestling with the fallout while cyber security experts scrambled to find a way to stem the spread.
The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware attack in May.
More than 30 victims paid up but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.
Ukraine, the epicentre of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbour annexed the Black Sea peninsula of Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the global cyberattack, which also struck Russian companies such as oil giant Rosneft and a steelmaker.
While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue believed to have been developed by the U.S. National Security Agency (NSA), experts said it was not as virulent as May's WannaCry attack.
Security researchers said Tuesday's virus could leap from computer to computer once unleashed within an organisation but, unlike WannaCry, it could not randomly trawl the internet for its next victims, limiting its scope to infect.
Businesses that installed Microsoft's latest security patches from earlier this year and turned off Windows file-sharing features appeared to be largely unaffected.
There was speculation, however, among some experts that once the new virus had infected one computer it could spread to other machines on the same network, even if those devices had received a security update.
Security firms including Microsoft, Cisco's Talos and Symantec said they had confirmed some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software programme called MEDoc.
The supplier of the software, MEDoc, denied in a post on Facebook that its software was to blame, though Microsoft reiterated its suspicions afterwards.
Russian security firm Kaspersky said a Ukrainian news site for the city of Bakhmut was also hacked and used to distribute the ransomware to visitors, encrypting data on their machines.
A number of the international firms hit have operations in Ukraine, and the virus is believed to have spread within global corporate networks after gaining traction within the country.
Russia's Rosneft, one of the world's biggest crude producers by volume, said on Tuesday its systems had suffered "serious consequences" but oil production had not been affected because it switched to backup systems.
- Copyright Holder: REUTERS
- Copyright Notice: (c) Copyright Thomson Reuters 2017. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None