A global Danish transport and logistics company says it has restored most of its information technology systems after experiencing a major cyberattack last week that affected companies and government agencies in more than 60 countries.
A.P. Moller-Maersk says it resumed container deliveries at its major ports Monday, but said it may take another week to restore all computer functions.
The cyberattack that hit the world’s biggest container shipping line also affected U.S. pharmaceutical company Merck, FedEx subsidiary TNT, London based international law firm DLA Piper, and Kyiv’s Oschadbank,
Ukrainian authorities have blamed Russia for masterminding the attack. Russia denies the charge.
Ukraine has repeatedly come under fire from high-powered cyberattacks tied to Moscow, but several independent experts say it is too early, based on what is publicly known, to come to a firm conclusion about who is responsible for this attack.
The hackers encrypted data on infected machines and demanded a ransom to give it back to its owner. Some researchers question the motivation behind the attack, saying it may not have been designed to collect a ransom, but instead to simply destroy data.
Russian anti-virus firm Kaspersky Lab says the code used in the hacking software would not have allowed its authors to decrypt the stolen data even after a ransom had been paid.
The computer virus used in the attack includes code known as “Eternal Blue”, a tool developed by the U.S. National Security Agency that exploited Microsoft’s Windows operating system, and which was published on the internet in April by a group called Shadowbrokers. Microsoft released a patch in March to protect systems from that vulnerability.
The attack bore resemblance to the previous “WannaCry” hack, that sent a wave of crippling ransomware to hospitals across Britain in May, causing the hospitals to divert ambulances and cancel surgeries. The program demanded a ransom to unlock access to files stored on infected machines.
Researchers eventually found a way to thwart the hack, but only after about 300 people had paid the ransom.
Last week, Tim Rawlins, the director of the Britain-based cybersecurity consulting firm NCC Group, told VOA the attacks continue to happen because people have not been keeping up with effectively patching their computers.
“This is a repeat WannaCry type of outbreak and it really comes down to the fact that people are not focusing on what they should be focusing on, the very simple premise of patching your systems,” Rawlins said.