Latest cyberattack may not have been meant to get money – Ransom demands may have been smoke screen

A man talking to an employee of Ukrposhta (Ukrainian post) in Kiev, Ukraine, Wednesday, June 28, 2017. The cyberattack ransomware that has paralysed computers across the world hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets. (AP Photo/Sergei Chuzavkov)

RAPHAEL SATTER, Associated Press
JAN M. OLSEN, Associated Press

PARIS (AP) 06/29 — The dramatic data-scrambling attack that hit computers around the world Tuesday appears to be contained. But with the damage and disruption still coming into focus, security experts worry the sudden explosion of malicious software may have been more sinister than a criminally minded shakedown of computer users.

“There may be a more nefarious motive behind the attack,” Gavin O’Gorman, an investigator with U.S. antivirus firm Symantec, said in a blog post. “Perhaps this attack was never intended to make money (but) rather to simply disrupt a large number of Ukrainian organizations.”

The rogue program initially appeared to be ransomware, a fast-growing and lucrative breed of malicious software that encrypts its victims’ data and holds it hostage until a payment is made.

But O’Gorman was one of several researchers who noted that any criminals would have had difficulty monetizing the epidemic given that they appear to have relied on a single email address that was blocked almost immediately and a single Bitcoin wallet that, to date, has collected the relatively puny sum of $10,000.

Others, such as Russian anti-virus firm Kaspersky Lab, said that clues in the code suggest the program’s authors would have been incapable of decrypting the data in any case, adding further evidence that the ransom demands were a smoke screen.

The timing was intriguing too: the malware explosion came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating a new constitution signed after the breakup of the Soviet Union.

Ransomware or not, computer specialists worldwide were still wrestling with its consequences, with varying degrees of success.

Danish shipping giant A.P. Moller-Maersk, one of the global companies hardest hit by the malware, said Thursday that most of its terminals are now operational, though some terminals are “operating slower than usual or with limited functionality.”

Problems have been reported across the shipper’s global business, from Mobile, Alabama, to Mumbai in India. When The Associated Press visited the latter city’s Jawaharlal Nehru Port Trust on Thursday, for example, it witnessed several hundred containers piled up at just two yards, out of more than a dozen yards surrounding the port.

“The vessels are coming, the ships are coming, but they are not able to take the container because all the systems are down,” trading and clearing agent Rajeshree Verma told the AP. “The port authorities, they are not able to reply (to) us. The shipping companies they also don’t know what to do. … We are actually in a fix because of all this.”

Moller-Maersk is one of dozens of major corporations and government agencies — from FedEx subsidiary TNT to Ukraine’s banking system — to have had its services disrupted by the malware epidemic.

Even small businesses otherwise unaffected by the malware are beginning to feel the pain.

Steffan Mastek of Petersen & Soerensen, a small Danish ship repair company, said he had been forced to re-order engine parts because TNT’s track-and-trace system for parcels was down.

“We had to re-order the parts that need to be fitted to a ship engine and that has to be done by Friday when the ship has to be returned,” Mastek said.

The extent and costs of the damage in Ukraine remain unclear, although on the streets of Kiev, the capital, life appears largely back to normal. Cash machines that had spent the past two days offline were back dispensing money and the capital’s airport, which had to switch information panels to manual mode for the past two days, is back to displaying flights automatically.

___

Satter reported from Paris. Manish Mehta in Nhavasheva, India, and Vladimir Isachenkov in Moscow contributed to this report.

https://www.apnews.com/551627db355d43cebcae4d36c0781bb4/Cyberattack-may-not-have-been-meant-to-get-money

 

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

 
