Canada relatively unscathed as cyberattack continues to spread - Action News
Home WebMail Tuesday, November 26, 2024, 06:04 PM | Calgary | -5.3°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Business

Canada relatively unscathed as cyberattack continues to spread

As a cyberattack continued to spread among nations and corporations on Wednesday, the identity and motives of the attackers remain a mystery.

Experts suggest ransomware might be a diversion from attack's true purpose

An 'out of service' notice sits on the screen of a Ukranian bank machine. The ransom demand asks for the equivalent of $300 in cryptocurrency but security experts say the ransomed data may be unrecoverable. (Vincent Mundy/Bloomberg)

As acyberattack continued to spread among nations and corporations on Wednesday,the identity and motives of the attackers remain a mystery.

Ports, hospitals and banks around the globe have been hit by a version ofransomwarebeing called ExPetr, similar to Petya but with a different functionality. The list of corporate and sovereign victims continues to expand across the world.

India's largest shipping port in Mumbai has been hit,cybersecurity expert Ritesh Bhatiasaid Wednesday. "One terminal has been affected very badly and the entire operations are shut down."

M.K.Sirkar, a manager at theJawaharlalNehruPort Trust inMumbai, said that no containers could be loaded or unloaded Wednesday at the terminal operated by A.P.Moller-Maersk, the world's largest private shipping company.

In a statement,Moller-Maerskacknowledged that its APM Terminals had been "impacted in a number of ports" and that an undisclosed number of systems were shut down "to contain the issue." The company declined to provide further details or make an official available for an interview.

Centre of cyberstormin Ukraine

The effects of the infectious software that encrypts data and demands a ransom for its release are being assessed, but the consensus is that the attack has centred on Ukraine.

Ukraine, the hardest hit country,said it had secured critical state assets, buteveryday life remained affected, with cash machines out of order and airport displays operating manually.

The impact of the cyberattack that erupted Tuesday was still being measured at offices, loading docks and boardrooms, but the Ukrainian cabinet said that "all strategic assets, including those involved in protecting state security, are working normally."

That still left a large number of non-strategic assetsincluding dozens of banks and other institutions fighting to get back online. Cash machines in Kyiv seen by an Associated Press photographer were still out of order Wednesday, and Ukrainian news reports said that flight information at the city's Boryspil airport was being provided in manual mode.

A local cybersecurity expert discounted the Ukrainian government's assurances.

"Obviously they don't control the situation," Victor Zhora of Infosafesaid.

Others outside Ukraine were struggling, too. Logistics firm FedEx said deliveries by its TNT Express subsidiary have been "slowed" by the cyberattack, which had "significantly affected" its systems.

At the very least, cybersecurity firms saidthousands of computers worldwide have been struck by the malware, which goes by a variety of names including ExPetr.

Thus far in Canada, no major companies or government institutions have reported any breaches.

"One of the reasons for that is because we have less legacy systems in most of the corporations in Canada today," cybersecurity expert Daniel TobokofCytelligence told CBC News in an interview.

If hit by a ransom demand, victims are faced with two unpleasant options: pay up, or else.

Technicians work on a flight timetable for the Boryspil airport near Kyiv amid the cyberattack. (Valentyn Ogirenko/Reuters)

"And we always recommend not to pay because once you pay you get on what we call the sucker list," Tobok said. "They will know that you are one of those entities that will pay it's almost like negotiating with terrorists."

There are indications that profit may not be the true motive.

Ransomware,whichscrambles a computer's datauntil a payment is made,has grown explosively over the past couple of years, powered in part by the growing popularity of digital currencies such as bitcoin. But some experts believethat this latest outbreak is aimed less at gathering money than at sending a message to Ukraine and its allies.

Isaac Ben Israel, the head of a cyber research centre at Tel Aviv University, saidlast month's WannaCry ransomware release may have been a useful lesson for hackers, and the current round could be made to look like WannaCryto distract from its real intent.

"I would guess that the main attack here was an attack on Ukraine and it was masked by the ransomware attack," he said. "The attack we had a few weeks ago, WannaCry,was only one stage to lead us towards the suspicion in other entities, and not the natural suspicion in case of attacking Ukraine, which is Russia.

There are more clues as to a Ukrainian target in the way the malware appears to have been seeded using a rogue update to a piece of accounting software used primarily in Ukraine.

And it comes on the anniversary of the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating a new constitution signed after the breakup of the Soviet Union.

"The threat we're talking about looks like it was specially developed for Ukraine, because that was the place it created most of the damage," said Bogdan Botezatu, of Romanian security firm Bitdefender, calling it a case of "national sabotage."

Suspicions were further heightened by the re-emergence of the mysterious Shadow Brokers group of hackers, whose dramatic leak of powerful NSA tools helped power Tuesday's outbreak, as it did in a previous ransomware explosion last month that was dubbed WannaCry.

In a post published Wednesday, the Shadow Brokers made new threats, announced a new money-making scheme and made a boastful reference to the recent chaos.

The malware doesn't appear to be makinga lot of money for its creators. A bitcoin wallet used to collect ransoms showed only about $10,000 US in it. And some analysts going through the malware's code said that the ransomware may not even operate as ransomware at all; victims' data appears to be hopelessly scrambled, rather than recoverable after the payment of ransom.

Matthieu Suiche, the founder of Dubai-based Comae Technologies, said the ransom demand was merely "a mega-diversion." In a blog post, he wrote that the code pointed not to criminals, but "in fact a nation state attack."

With files from The Associated Press and Reuters