The virus known as NotPetya has crippled operations at companies around the world, including major shipping operator A.P. Moeller-Maersk. The virus has been especially troublesome in Ukraine, but has hit major corporations in many countries. Nick Kostov and Costas Paris report:
Companies that reported disruptions included U.S. pharmaceuticals firm Merck & Co., British advertising giant WPP Group PLC and Russian oil producer PAO Rosneft. Rosneft said on Twitter Wednesday that the virus hadn’t affected production, but added that “it is premature to evaluate the cyber attack impact.”
Mondelez International Inc. confirmed Wednesday that it was also a victim, a day after it said it was investigating an outage of its global IT network. A spokesman said the cause was determined to be a virus, which had been isolated, though the company’s systems remain down. The maker of Oreo cookies and Trident gum is working with outside specialists and global security agencies, aiming to minimize any impact on deliveries of its food to retailers.
In Ukraine, the country that appeared most affected by the attack, the government said it had halted the spread of the virus and that key government and business systems were stable. But others were still struggling Wednesday to restore critical operations. One of those most severely affected: Maersk, a key cog in the world’s global supply chain.
Maersk said early Wednesday that widespread computer outages at its APM Terminals subsidiary were preventing it from taking new bookings or offering quotes at affected terminals. Later in the day, the company said it was accepting cargo bookings through a third-party platform for existing accounts, though booking confirmations would take longer than usual. “We are still working on resuming normal operation,” the company said on Twitter.
Ports in the U.S., Europe and India reported some Maersk-run container terminals weren’t taking ships. Whether those APM port closures ricochet more broadly will depend on how quickly Maersk restores systems, shipping experts said.
At Forbes, Thomas Fox-Brewster explains how to protect yourself from NotPetya:
One way of preventing a PC getting infected is by tricking the malware into thinking it’s already on the computer. This can be done by heading to the Windows directory folder (C:Windows) and creating a file named perfc (it’ll end up looking something like this: %WINDIR%perfc. Set that to “read only” permissions, says Hacker House CEO Matthew Hickey. This protects PCs because when the malware first runs, it searches for that filename in that folder and if it’s found, it’ll kill itself, noted Cybereason, one of two cybersecurity firms along with Positive Technologies to find the “vaccine.”
Second, Hickey recommends that concerned users check whether their computer is already infected, a and if so, if the ransomware is not yet running. To do this, look for two “rundll32.exe” files running in the Windows Task Manager. If they’re present, power off the PC and do not turn it back on again. If it is turned back on, the ransomware will then run, encrypt the files and demand $300 in Bitcoin for payment (don’t pay: the hackers’ email account used to handle payment and provide encryption keys has been closed).
Reinstalling Windows will then remove NotPetya. With luck, you’ve got backups to return files to the PC, whether on a device or in the cloud. If not, it’s possible to retrieve unencrypted data by downloading a free operating system like Kali Linux and using it to access the PC hard drive before re-installing Windows, Hickey noted.
Finally, employ some sensible digital hygiene. In particular, make sure you’re running the latest version of whatever Windows system you’re running, as this will patch the flaws that both the NotPetya and WannaCry ransomware exploited (i.e. the vulnerabilities leaked by Shadow Brokers, who claimed the bugs were originally used by the NSA). Ensure Windows firewall is turned on, check antivirus is up-to-date and that all third-party software has been patched too.
Read more here.