A ransomware attack has struck across the globe, taking out servers at Russia’s biggest oil company and shutting down computers at multinational businesses, including the Australian offices of a global law firm.
The malicious software locks up computer files with all-but-unbreakable encryption and then demands a ransom in the virtual currency bitcoin for its release.
Global law firm DLA Piper has told Australian staff it has been the victim of a “major cyber incident” overnight. Australian staff were advised via text early this morning that all DLA Piper IT systems had been taken down to contain the situation, and were warned not to attempt to log in to their computers or turn them on.
DLA has told staff it is unlikely IT systems will be fully restored during the course of the business day in the Asia-Pacific region. “The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” a DLA spokesperson said. “We are taking steps to remedy the issue as quickly as possible.”
Even the Cadbury chocolate factory in Hobart has been targeted. A union official said production was halted yesterday when the factory’s computer system went down about 9:30 pm.
AP Moller-Maersk, a Denmark-based oil and shipping company, confirmed it was also hit in the so-called Petya attack, which had affected “multiple sites and select business units”.
While it was unclear whether computers at Maersk’s Australian sites were infected by the virus, the phone lines at the company’s Sydney office were initially down, and later played a prerecorded message.
“We can confirm that our systems are down across multiple sites basically because of the cyber attack,” the message said.
“We continue to assess the situation … our operations and our customers are our top priority. We will update when we have more information.”
In a private memo sent to all staff, Maersk confirmed it had detected ransomware on a number of its global systems, and ordered all employees to immediately turn off all PCs and not to share any information about the incident on social media.
The memo said the company had contained the issue and was now working on a technical recovery plan.
International courier company TNT said it was assessing whether the same attack was responsible for “interference” in its IT system.
“Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network,” it said in a statement.
The origins of the malware remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using US taxpayer-funded tools.
Cyber security experts said that those behind the attack appeared to have exploited the same type of hacking tool used in the WannaCry ransomware attack, which infected hundreds of thousands of computers in May before a British researcher created a kill-switch, and that the attack included code known as “Eternal Blue”.
The Federal Minister responsible for cyber security, Dan Tehan, said the Government was doing all it could to prevent further outbreaks.