A global cyberattack disrupted operations Wednesday at India’s largest container port, adding to the headaches of governments and businesses affected by so-called ransomware code that takes a user’s data hostage until the victim agrees to pay for its release.
The problems at Jawaharlal Nehru Port in Mumbai involved a terminal run by Danish shipping giant A.P. Moller-Maersk. The company had said Tuesday as the attack was spreading largely in Europe and the United States that the malicious code was affecting terminals “in a number of ports.”
Australia’s Cyber Security Minister Dan Tehan told reporters Wednesday that officials have not yet confirmed the same computer virus was responsible for ransomware attacks on two Australian companies, but that “all indications would point to” that being the case.
Ukraine targeted first
Banks, government offices and airports in Ukraine were among the first to report the cyberattack.
Ukrainian Deputy Prime Minister Pavlo Rozenko tweeted a photo of his black computer screen, saying the government’s headquarters had been shut down.
Other international firms that reported being affected include America’s Merck pharmaceutical company, Russia’s Rosneft oil giant, British advertising giant WPP and French industrial group Saint-Gobain.
“We confirm our company’s computer network was compromised today as part of global hack. Other organizations have also been affected,” Merck said on Twitter.
A U.S. National Security Council spokesman said the Department of Homeland Security, the FBI and other agencies are “working with public and private, domestic and international partners to respond to this event and provide technical information for prevention and remediation.”
“Individuals and organizations are discouraged from paying the ransom as this does not guarantee access will be restored,” the spokesman added.
Europol’s European Cybercrime Center has told anyone affected by Tuesday’s attack to report the crime to national police and encouraged them not to pay any ransom requested by hackers.
“What is interesting about this particular case is that the email system that is supposed to be used to deposit the Bitcoin ransoms has actually been disabled, so the hackers in this case may not get what they bargained for,” Cedric Leighton, who operates his own crisis management consultancy, told VOA.
WATCH: Related video report
The computer virus used in the attack includes code known as Eternal Blue, a tool developed by the NSA that exploited Microsoft’s Windows operating system and which was published on the internet in April by a group called Shadow Brokers. Microsoft released a patch to protect systems from the exploit in March.
A similar ransomware attack last month named “WannaCry” affected computer systems in 150 countries.
Tim Rawlins, director of the Britain-based cybersecurity consultancy NCC Group, says these attacks continue to happen because people have not been keeping up with effectively patching their computers.
“This is a repeat WannaCry type of outbreak and it really comes down to the fact that people are not focusing on what they should be focusing on, the very simple premise of patching your systems,” Rawlins told VOA.
WATCH: Ransomeware basics facts