JNPT terminal, Nivea, Reckitt hit as ransomware attack spreads to Asia

Businesses in the Asia-Pacific region said some disruptions were caused on Wednesday by the ransomware attack that hit Russia and Ukraine the previous day.

  • Published 28.06.17

Moscow/Washington/Mumbai, June 28 (Agencies): Businesses in the Asia-Pacific region said some disruptions were caused on Wednesday by the ransomware attack that hit Russia and Ukraine the previous day.

Operations were disrupted at one of the three terminals of Mumbai’s Jawaharlal Nehru Port, India's largest container port.

The impacted terminal is operated by Danish shipping giant AP Moller-Maersk, which also reported disruptions in Los Angeles.

AP Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT, which has a capacity to handle 1.8 million standard container units.

Anil Diggikar, chairman of the Jawaharlal Nehru Port Trust, told Reuters the port has been trying to clear containers manually and is operating at about a third of its capacity.

India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had affected some of their systems.

In Australia, a Cadbury chocolate factory was hit, a trade union official said. Production at the Hobart factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down.

Cadbury owner Mondelez International Inc said in a statement overnight staff in various regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.

The global cyber attack that disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms on Tuesday had a virus similar to the ransomware that infected more than 300,000 computers last month.

The rapidly spreading cyber extortion campaign, which began on Tuesday, underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

The ransomware virus includes code known as “Eternal Blue”, which cyber security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month's ransomware attack, named “WannaCry”.

“Cyber attacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do to fix the problem.”

The virus crippled computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

“We are continuing to investigate and will take appropriate action to protect customers,” a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.

Cybersecurity firms Kaspersky Lab and FireEye Inc told Reuters they had detected attacks in other Asia-Pacific countries but did not provide details.

Globally, Russia and Ukraine were most affected by the thousands of attacks, according to Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.

Security experts said they expected the impact to be smaller than WannaCry because many computers had been patched with Windows updates in the wake of the WannaCry ransom attack last month to protect them against attacks using Eternal Blue code.

Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analysing the attack.

Other security experts said they did not believe that the ransomware released on Tuesday had a “kill switch”, meaning that it might be harder to stop than WannaCry was last month.

Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as “Petya” and ”GoldenEye”.