The ransomware virus cripples computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demands $US300 in bitcoin payments to restore access.
It includes code known as Eternal Blue, which cyber security experts widely believe was stolen from the US National Security Agency and was also used in last month’s ransomware attack, named WannaCry.
A major international law firm, DLA Piper, has shut down its New Zealand office among others because of the attack.
DLA Piper said its office was having trouble getting externaal emails but all client data was secure.
DLA Piper told its Australian employees it had been the victim of a “major cyber incident” overnight.
Its Washington DC office was apparently affected, and DLA told Australian staff via text early this morning that all IT systems had been taken down to contain the situation.
The company said it was was unlikely IT systems in the Asia-Pacific region would be fully restored during the day, the ABC reported.
Maersk NZ managing director Gerard Morrison said local IT systems that were part of the shipping company’s global system were largely out of action, and customers could be affected at least until tomorrow.
The market research firm Colmar Brunton has also shut down operations as a precaution since its British parent company was attacked.
The Cadbury chocolate factory in Hobart has also been targeted, the broadcaster reported.
A union official said production at Cadbury’s Claremont facility was halted when the computer system went down about 9.30pm yesterday in what was described as a “cyber attack”.
It was understood cyber attackers were demanding a ransom in bitcoin currency, the ABC said.
Cadbury owner Mondelez International had said its staff in different regions were experiencing technical problems, Reuters reported.
Mondelez, which owns Cadbury, said some of its New Zealand systems are affected but production in Dunedin was unchanged.
A terminal operated by the transport company Moller-Maersk at India’s biggest container port had to shut down its computer systems because of the attack.
The facility, called Gateway Terminal India, was unable to identify which shipment belonged to whom.
The major global cyber attack, dubbed GoldenEye or Petya, has disrupted servers at Russia’s biggest oil company, Ukraine’s international airport and Danish shipping giant Maersk.
Russian oil company Rosneft said its systems had suffered “serious consequences” but production had not been affected because it switched over to backup systems. Maersk reported outages at facilities including its Los Angeles terminal. WPP, the world’s largest advertising agency, said it was also infected.
Russia and Ukraine were most affected, with other victims spread across countries including the United States, Britain, France, Germany, Italy, Poland.
Cyber crime reporter Kim Zetter said once the malware got into a system administrator it could spread to all parts of an international company’s network.
New Zealand’s cyber emergency response authority, Cert NZ, advised people to back up their systems and store files outside their network. If the ransomware did hit, people should turn off their computer, and not turn it on again, as an IT specialist may be able to recover the files.
Nick Savvides, strategist at security firm Symantec, said New Zealand was not immune to the fast-growing area of cyber crime.
“It’s attracting more and more criminals and more and more unsophisticated criminals who go and buy ransomware toolkits on the black market and try their hand at making money.”
The ransomware was not hugely sophisticated but had spread quickly because companies hadn’t protected their systems against it, he said.
– RNZ / ABC / Reuters