Firms work to repel ransomware

Petya malware is a next-generation worm, but preventive moves already under way.

An expert checks cyber threats at his office in Istanbul, Turkey, yesterday. Ransomware Petya has spread round the world. Erdem Sahin / EPA
Powered by automated translation

Companies based in the UAE affected by the latest cyber attacks are working to bypass any disruption as businesses around the world rush to protect themselves against the next generation of ransomware.

Petya began striking companies in Ukraine on Tuesday, spreading around the globe, with criminals demanding US$300 in crypto-currency Bitcoin to release the data they had hacked.

The list of corporate victims continued to mount yesterday with major names hit, such as the world’s largest communications firm, WPP.

The company has 3,000 offices in 113 countries, including the UAE, and a number of its units have been affected.

“Our operations have not been uniformly affected and issues are being addressed on a company-by-company basis,” said Chris Wade, WPP’s head of communications for Europe, Middle East and Africa.

The company did not give details about what areas had been affected by the ransomware, only saying that many businesses were experiencing “no or minimal disruption”.

“Having taken steps to contain the attack, the priority now is to return to normal operations as soon as possible, while protecting our systems,” Mr Wade said.

Denmark’s AP Moller-Maersk, one of the world’s largest shippers, said on its website that while it had been hit by the ransomware, it had contained the issue and was working on a recovery plan. Its terminal near Mumbai, India’s biggest container port, was forced to clear cargo manually, according to Bloomberg.

Maersk’s freight forwarding company had limited access to certain systems while APM Terminals, the port and terminal operator, had several ports hit.

“We have shut down a number of systems to help contain the issue,” Maersk said, adding that it was working with various IT partners and global cyber-security agencies.

This has moved shipping and port authorities in the UAE to counter any incoming threats. DP World said that its business had not been disrupted by Petya. “We are taking preventive measures to protect our IT systems and we remain vigilant to this threat,” said a DP World spokesman.

The law firm DLA Piper took down its systems as a “precautionary measure”, meaning clients could not contact its team by email or landline, according to its website. France’s Cie de Saint-Gobain, Cadbury chocolate’s parent Mondelez, and drug maker Merck were all also hit.

Ransomware has quickly evolved and grown from initially targeting just individuals, according to McAfee, a computer-software company.

Petya’s precursor, WannaCry, made less than $100,000, but resulted in more than 200,000 infections worldwide this year.

WannaCry escalated malware by introducing a worm-based compromise of systems that exploited a vulnerability in Microsoft Windows.

Steve Grobman, chief technology officer at McAfee, said that the unique component of Petya is that it builds on WannaCry’s technique while adding a new element that allows non-vulnerable machines to also become infected.

“It does this by stealing credentials from machines that it infects, which allows the stolen credentials to be used to infect fully patched machines,” he said.

“This hybrid approach drastically amplifies the impact and scale of attack.”

The risk from ransomware is growing as the world becomes more digital.

The US Federal Bureau of Investigation internet crimes division bracketed this type of attack with other cyber crimes until 2015 when more than 1,400 Americans lost a total of about $500,000.

Last year, the number of victims increased to nearly 2,500 losing a total of $1.6 million.

lgraves@thenationa.ae