NEW YORK (AP) — The Latest on a widespread cyberattack that is affecting companies and government systems (all times local):
The head of a top Ukrainian cybersecurity firm says it’s too early to say if his country was singled out as the prime target but that its institutions, long a target of Russian hackers, may have been compromised through attrition.
Victor Zhora, CEO of Infosafe IT in Kiev, says he believes the ransomware, which attacks Microsoft operating systems from Windows XP to Windows 10, was previously seeded and time-activated.
“It seems the virus is spreading all over Europe and I’m afraid it can harm the whole world,” he said. Zhora’s firm did triage on a well-coordinated attack blamed on pro-Russian hackers that tried to thwart the country’s May 2014 election.
Zhora said the current ransomware, which propagates across networks, demands $300 in Bitcoin. He says it’s too early for official confirmation of the targets in Ukraine but local media are reporting ATMs and some gasoline distribution to filling stations have been affected.
Cyberattacks blamed on pro-Russia hackers have twice taken down sizeable portions of Ukraine’s power grid.
Security experts say Tuesday’s cyberattack shares something in common with last month’s WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked to the web.
Security vendors Bitdefender Labs and Kaspersky Labs say the NSA exploit, known as EternalBlue, is allowing the malware to spread inside an organization’s network. Other than that, the latest malware is different from WannaCry.
Organizations should be protected if they had installed a fix that Microsoft issued in March.
But Chris Wysopal, chief technology officer at the security firm Veracode, says that’s only the case if 100 percent of computers were patched. He says that if one computer gets infected, the new malware has a backup mechanism to spread to patched computers within the network as well.
Wysopal says the attack seems to be hitting large industrial companies that “typically have a hard time patching all of their machines because so many systems simply cannot have down time.”
Organizations hit include the Russian oil company Rosneft and the Danish oil and shipping company AP Moller-Maersk.
A hospital and health care system based in western Pennsylvania says it is dealing with a widespread cyberattack.
A spokeswoman for Heritage Valley Health System says the attack Tuesday is affecting the organization’s entire health system and employees are working to ensure safe patient care continues.
Heritage Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia.
It wasn’t immediately clear if the cyberattack was related to the outbreak of malicious data-scrambling software that appears to be causing mass disruption across Europe Tuesday.
Also affected is New Jersey-based Merck, the second-largest drugmaker in the United States with extensive operations in the Philadelphia area.
Merck confirmed its computer network was “compromised” as part of the global attack.