Monday February 24th, 2020 6:12AM

New cyberattack wallops Europe; spreads more slowly in US

By The Associated Press
Related Articles
  Contact Editor

PARIS (AP) — A new and highly virulent outbreak of data-scrambling software — apparently sown in Ukraine — caused disruption across the world Tuesday. Following a similar attack in May , the fresh cyber-assault paralyzed some hospitals, government offices and major multinational corporations in a dramatic demonstration of how easily malicious programs can bring daily life to a halt.

Ukraine and Russia appeared hardest hit by the new strain of ransomware — malicious software that locks up computer files with all-but-unbreakable encryption and then demands a ransom for its release. In the United States, the malware affected companies such as the drugmaker Merck and Mondelez International, the owner of food brands such as Oreo and Nabisco.

Its pace appeared to slow as the day wore on, in part because the malware appeared to require direct contact between computer networks, a factor that may have limited its spread in regions with fewer connections to Ukraine.

The malware's origins remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using U.S. taxpayer-funded tools.

"The virus is spreading all over Europe and I'm afraid it can harm the whole world," said Victor Zhora, the chief executive of Infosafe IT in Kiev, where reports of the malicious software first emerged early afternoon local time Tuesday.

In Ukraine, victims included top-level government offices, where officials posted photos of darkened computer screens, as well as energy companies, banks, cash machines, gas stations, and supermarkets. Ukrainian Railways and the communications company Ukrtelecom were among major enterprises hit, Infrastructure Minister Volodymyr Omelyan said in a Facebook post .

The virus hit the radiation-monitoring at Ukraine's shuttered Chernobyl power plant, site of the world's worst nuclear accident, forcing it into manual operation.

Multinational companies, including the global law firm DLA Piper and Danish shipping giant A.P. Moller-Maersk were also affected, although the firms didn't specify the extent of the damage.

Ukraine bore the brunt with more than 60 percent of the attacks, followed by Russia with more than 30 percent, according to initial findings by researchers at the cybersecurity firm Kaspersky Lab. It listed Poland, Italy and Germany, in that order, as the next-worst affected.

In the U.S, two hospitals in western Pennsylvania were hit; patients reported on social media that some surgeries had to be rescheduled. A spokeswoman for Heritage Valley Health System would say only that operational changes had to be made. A Wellsville, Ohio, woman at one of its hospitals to have her gallbladder removed said she noticed computer monitors off and nurses scurrying around with stacks of paperwork.

Security experts said Tuesday's global cyberattack shares something in common with last month's outbreak of ransomware, dubbed WannaCry . Both spread using digital lock picks originally created by the NSA and later published to the web by a still-mysterious group known as the Shadowbrokers.

Security vendors including Bitdefender and Kaspersky said the NSA exploit, known as EternalBlue, lets malware spread rapidly across internal networks at companies and other large organizations. Microsoft issued a security fix in March, but Chris Wysopal, chief technology officer at the security firm Veracode, said it would only be effective if every single computer on a network were patched — otherwise, a single infected machine could infect all others.

"Once activated, the virus can automatically and freely distribute itself on your network," Ukraine's cyberpolice tweeted.

Bogdan Botezatu, an analyst with Bitdefender, compared such self-spreading software to a contagious disease. "It's like somebody sneezing into a train full of people," he said.

Ryan Kalember, a security expert at Proofpoint, said one reason the attacks appeared to be slowing down was that the ransomware appears to spread only when a direct contact exists between two networks — such as when a global company's Ukraine office interacts with headquarters.

But once it hits a computer on a network, it spreads quickly, even among computers that have applied the fix for the NSA exploit.

"It's more harmful to the organization that it affects, but because it's not randomly spreading over the internet like WannaCry, it's somewhat contained to the organizations that were connected to each other," Kalember said.

Botezatu said the new program appeared nearly identical to GoldenEye, a variant of a known family of hostage-taking programs known as "Petya." It demanded $300 in Bitcoin.

Unlike typical ransomware, which merely scrambles personal data files, the program wreaking havoc Tuesday overwrites a computer's master boot record, making it tougher to restore even a machine that has been backed up, said Kalember.

It may have first spread through a rogue update to a piece of Ukrainian accounting software called MEDoc, according to tweets by the country's cyberpolice unit. It said a rogue update seeded the infection across Ukraine. In a lengthy statement posted to Facebook, MEDoc acknowledged having been hacked.

The motives of those behind the malware remain unknown. Ukraine has been a persistent target of pro-Russian hackers, who are blamed for twice shutting down large swaths of its power grid in the dead of winter and sabotaging its elections system in a bid to disrupt May 2014 national elections.

Emails sent Tuesday to an address posted to the bottom of ransom demands went unreturned. That might be because the email provider hosting that address, Berlin-based Posteo, pulled the plug on the account before the infection became widely known.

In an email, a Posteo representative said it had blocked the email address "immediately" after learning that it was associated with ransomware. The company added that it was in contact with German authorities "to make sure that we react properly."


Bajak reported from Houston. Associated Press writers Anick Jesdanun in New York, Vladimir Isachenkov in Moscow, Larry Rosenthal in Beaver, Pennsylvania and Jan M. Olsen in Copenhagen, Denmark, contributed to this report.

  • Associated Categories: Associated Press (AP), AP National News, AP Online National News, Top General short headlines, AP World News, AP Business, AP Business - Industries, AP Business - Health Care, AP Technology News
© Copyright 2020
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
New cyberattack wallops Europe; spreads more slowly in US
Hackers have caused widespread disruption across Europe, hitting Ukraine especially hard
4:30PM ( 12 minutes ago )
3 Chicago police officers indicted in Laquan McDonald case
Three Chicago police officers have been indicted on felony charges alleging they conspired to cover up the fatal shooting of black teen Laquan McDonald by a white officer
4:26PM ( 16 minutes ago )
The Latest: Trump meeting with GOP senators at White House
President Donald Trump and Vice President Mike Pence are hosting Republican senators at the White House to discuss flailing efforts to pass a new health care bill
4:26PM ( 16 minutes ago )
Associated Press (AP)
Lawyers prepare to defend travelers to US at airports
When the Trump administration's travel ban takes partial effect later this week, immigrant-rights lawyers plan to head to the nation's major airports to make sure eligible foreigners are able to get into the country
4:05PM ( 36 minutes ago )
Brazil's president says corruption charge is 'fiction'
Brazil's president has dismissed corruption allegations against him as a "soap opera plot" and cast doubt on the motivations of the country's top prosecutor a day after he presented a scathing indictment
4:05PM ( 37 minutes ago )
Report finds USA Gymnastics policies muddled on sex abuse
A former federal prosecutor says USA Gymnastics needs to undergo a "complete culture" change to become better equipped at protecting athletes from abuse
3:58PM ( 44 minutes ago )
AP National News
The Latest: McConnell delays health care vote; Trump engaged
Senate Majority Leader Mitch McConnell says he is delaying a vote on a Senate health care bill while GOP leadership works toward getting enough votes
2:51PM ( 1 hour ago )
Brazil markets steady after scathing indictment of president
A day after Brazil's top prosecutor formally accused President Michel Temer of corruption in a scathing indictment, markets largely shrugged off the news Tuesday, a sign that the leader's departure may not be imminent
2:43PM ( 1 hour ago )
NYC subway train derails, scaring passengers and injuring 34
A New York City subway train has derailed near a station in Harlem, frightening passengers and resulting in a power outage as people were evacuated from trains along the subway line
2:41PM ( 2 hours ago )
AP Online National News
Scottish leader puts second independence referendum on hold
Scottish First Minister Nicola Sturgeon puts second independence referendum on hold amid Brexit
3:46PM ( 56 minutes ago )
Yellen says reforms have made financial system safer
Yellen: Hopefully banking reforms mean next severe banking crisis will not happen 'in our lifetimes'
3:44PM ( 58 minutes ago )
US commerce secretary backs free trade deal with Europe
U.S. Commerce Secretary Wilbur Ross is saying that the United States and the European Union should have a free trade agreement
3:41PM ( 1 hour ago )
AP Business
The Latest: New cyberattack uses same NSA-developed exploit
Like last month's WannaCry malware, security experts say the malicious software used in Tuesday's cyberattack is spreading using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web
2:33PM ( 2 hours ago )
Egg executives in salmonella case must report to prison
A father and son whose Iowa-based egg production company caused a massive 2010 salmonella outbreak have exhausted their appeals and a federal judge has ordered them to begin serving prison sentences
12:59PM ( 3 hours ago )
The Latest: US drugmaker Merck also affected by cyberattack
The second-largest drugmaker in the United States is confirming it's been affected by a cyberattack
12:10PM ( 4 hours ago )
AP Business - Industries
Dozens of prospective jurors beg off 'Pharma Bro' case
Several prospective jurors have been excused from the federal securities fraud trial of an ex-pharmaceutical company executive because they claimed they couldn't be impartial
12:34AM ( 16 hours ago )
'Pharma Bro' defies advice to keep quiet before fraud trial
A former pharmaceutical CEO who became a pariah after raising the cost of a life-saving medication 5,000 percent can't keep quiet ahead of his fraud trial
9:15AM ( 1 day ago )
Transplanted: Large Idaho sequoia tree finds new home
A large sequoia tree with a history rooted in conservation was standing in the way of progress, so on Sunday, it was moved
3:38PM ( 2 days ago )
AP Business - Health Care
Facebook now deleting 66K posts a week in anti-hate campaign
Facebook says it deleted about 600,000 posts in the last two months as the social media giant seeks to crack down on what it considers to be hateful posts
1:37PM ( 3 hours ago )
Pandora CEO Tim Westergren departs
Pandora, under intensifying pressure from Spotify and Apple Music, says that CEO Tim Westergren has stepped down.
12:40PM ( 4 hours ago )
Google hit with record fine by EU, told to change its ways
The European Union has slapped a record 2.42 billion euro fine on internet giant Google for breaching antitrust rules with its online shopping service
11:34AM ( 5 hours ago )
AP Technology News
3 Chicago police officers indicted in Laquan McDonald case
Three Chicago police officers have been indicted on felony charges alleging they conspired to cover up the fatal shooting of black teen Laquan McDonald by a white officer
4:26PM ( 16 minutes ago )
The Latest: Trump meeting with GOP senators at White House
President Donald Trump and Vice President Mike Pence are hosting Republican senators at the White House to discuss flailing efforts to pass a new health care bill
4:26PM ( 16 minutes ago )
These senators will make or break the GOP's health care push
Trump's promise to repeal and replace 'Obamacare' depends on the votes of a key group of GOP senators with qualms about the legislation
4:23PM ( 19 minutes ago )
New president's politicking raises ethics flags
Barely five months into office President Donald Trump keeps taking time out to run for re-election
4:20PM ( 22 minutes ago )
Man accused in missing son's slaying denies trying to flee
A California father told a judge he wasn't hiding from authorities when he was arrested in Las Vegas, and will not fight his transfer in custody to Los Angeles to face a murder charge in the disappearance of his 5-year-old son
4:14PM ( 28 minutes ago )