The virus known as NotPetya has crippled operations atย companies around the world, including major shipping operator A.P. Moeller-Maersk.ย The virus has been especially troublesome in Ukraine, but has hit major corporations in many countries.ย Nick Kostovย andย Costas Paris report:ย
Companies that reported disruptions included U.S. pharmaceuticals firmย Merckย & Co., British advertising giantย WPP Groupย PLC and Russian oil producer PAO Rosneft. Rosneft said on Twitter Wednesday that the virus hadnโt affected production, but added that โit is premature to evaluate the cyber attack impact.โ
Mondelez International Inc. confirmed Wednesday that it was also a victim, a day after it said it was investigating an outage of its global IT network. A spokesman said the cause was determined to be a virus, which had been isolated, though the companyโs systems remain down. The maker of Oreo cookies and Trident gum is working with outside specialists and global security agencies, aiming to minimize any impact on deliveries of its food to retailers.
In Ukraine, the country that appeared most affected by the attack, the government said it had halted the spread of the virus and that key government and business systems were stable. But others were still struggling Wednesday to restore critical operations. One of those most severely affected: Maersk, a key cog in the worldโs global supply chain.
Maersk said early Wednesday that widespread computer outages at its APM Terminals subsidiary were preventing it from taking new bookings or offering quotes at affected terminals. Later in the day, the company said it was accepting cargo bookings through a third-party platform for existing accounts, though booking confirmations would take longer than usual. โWe are still working on resuming normal operation,โ the company said on Twitter.
Ports in the U.S., Europe and India reported some Maersk-run container terminals werenโt taking ships. Whether those APM port closures ricochet more broadly will depend on how quickly Maersk restores systems, shipping experts said.
At Forbes, Thomas Fox-Brewster explains how to protect yourself from NotPetya:
One way of preventing a PC getting infected is by tricking the malware into thinking it’s already on the computer. This can be done by heading toย the Windows directory folder (C:Windows) and creatingย a file named perfc (it’ll end up looking something like this: %WINDIR%perfc. Set that to “read only” permissions, says Hacker House CEO Matthew Hickey. This protects PCsย because when the malwareย first runs, it searches for that filename in that folder and if it’s found, it’ll kill itself, noted Cybereason, one of two cybersecurity firms along with Positive Technologies to find the “vaccine.”
Second, Hickey recommends that concerned users check whether their computer is already infected, a and if so, if the ransomware is not yet running. To do this, lookย for two “rundll32.exe” files running in the Windows Task Manager. If they’re present, power off the PCย and do not turn it back on again. If it is turned back on, theย ransomware will then run, encrypt the files and demand $300 in Bitcoin for payment (don’t pay: the hackers’ email account used to handle payment and provide encryption keys has been closed).
Reinstalling Windows will then remove NotPetya. With luck, you’ve got backups to return files to the PC, whether on a device or in the cloud. If not, it’s possible to retrieve unencrypted data by downloading a free operating system likeย Kali Linuxย and using it toย access the PC hard drive before re-installing Windows, Hickey noted.
Finally, employ some sensible digital hygiene. In particular, make sure you’re running the latest version of whatever Windows system you’re running, as thisย will patch the flaws that both the NotPetya and WannaCry ransomware exploited (i.e. the vulnerabilities leaked by Shadow Brokers, who claimed the bugs were originally used by the NSA). Ensure Windows firewall is turned on, check antivirus is up-to-date and that all third-party software has been patched too.
Read more here.