Authorities are investigating a major cyber attack that has wreaked havoc on computer servers around the world, disrupting operations at ports from Mumbai to Los Angeles and halting production at a Cadbury factory in Australia.
Key points:
- Experts suggest disruption was the real goal given the small ransom
- Attack underlines failure of businesses to adequately secure their networks
- Businesses struggle to recover from disruption caused by the virus
The virus is believed to have first taken hold on Tuesday in Ukraine where it silently infected computers after users downloaded a popular tax accounting package or visited a local news site, national police and international cyber experts said.
The malicious code locked machines and demanded victims post a ransom worth $US300 ($395) in bitcoins or lose their data entirely.
More than 30 victims reportedly paid up, but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.
Ukraine, the epicentre of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbour annexed the Black Sea peninsula of Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the global cyber attack, which also struck Russian companies such as oil giant Rosneft and a steelmaker.
ESET, a Slovakian company that sells products to shield computers from viruses, said 80 per cent of the infections detected among its global customer base were in Ukraine, with Italy second-hardest hit with about 10 per cent.
The aim of the latest attack appears to be disruption rather than ransom, said Brian Lord, former deputy director of intelligence and cyber operations at Britain's GCHQ and now managing director at private security firm PGI Cyber.
"My sense is this starts to look like a state operating through a proxy as a kind of experiment to see what happens," Mr Lord said.
Attack highlights failure to secure networks
While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue developed by the US National Security Agency (NSA), experts said it was not as virulent as last month's WannaCry attack.
They said Tuesday's virus could leap from computer to computer once unleashed within an organisation but — unlike WannaCry — it could not randomly trawl the internet for its next victims, limiting its ability to spread.
The introduction of security patches in the wake of the May attack that crippled hundreds of thousands of computers also helped curb the latest malware, though its rapid spread underlined concerns that some businesses have still failed to secure their networks from increasingly aggressive hackers.
After WannaCry, governments, security firms, and industrial groups advised businesses and consumers to make sure all their computers were updated with Microsoft security patches.
Austria's government-backed Computer Emergency Response Team (CERT) said "a small number" of international firms appeared to be affected, with tens of thousands of computers taken down.
Corporate chaos left in virus' wake
A number of the international firms hit have operations in Ukraine, and the virus is believed to have spread within global corporate networks after gaining traction within the country.
Danish shipping giant AP Moller-Maersk, which handles one in seven containers shipped worldwide, has a logistics unit in Ukraine.
Production at an Australian Cadbury factory in Tasmania also ground to a halt late on Tuesday after computer systems went down.
Other large firms affected, such as French construction materials company Saint Gobain and Mondelez International Inc, which owns chocolate brand Cadbury, also have operations in Ukraine.
Maersk was one of the first global firms to be taken down by the cyber attack and its operations at major ports such as Mumbai in India, Rotterdam in the Netherlands, and Los Angeles on the US west coast were disrupted.
The company said on Wednesday it was unable to process new orders and its 76 terminals around the world were becoming increasingly congested.
Other companies to succumb included BNP Paribas Real Estate, a part of the French bank that provides property and investment management services.
"The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures have been taken to rapidly contain the attack," the bank said on Wednesday.
Russia's Rosneft, one of the world's biggest crude producers by volume, said on Tuesday its systems had suffered "serious consequences", but oil production had not been affected because it switched to backup systems.
ABC/Reuters