WASHINGTON/MOSCOW -- The cyberattack that surfaced in Ukraine and elsewhere Tuesday has now spread to France and India, and its origins in publicly available tools have stoked fears that further strikes may follow.
Russia's central bank said Tuesday that several banks' systems had suffered a cyberattack, according to the Interfax news agency. The Russian consumer lending unit of Czech group Home Credit froze some customer services, while state-run oil major Rosneft found trouble in its payment systems. A major travel site's booking system also suffered damage.
One researcher from Russia-based internet security firm Kaspersky Lab has said 60% of the victims were in Ukraine, and 30% in Russia. But the damage is still spreading. Near Mumbai in western India, reports emerged Tuesday evening that operations were disrupted for some facilities at the Jawaharlal Nehru Port -- one of the largest container ports in the country. Reuters reported Wednesday that a real estate arm of French bank BNP Paribas was also struck.
A new strain
The malware used in the attack appears to be based on a strain of ransomware discovered last year, known as Petya. The basic blueprints of the Petya virus were published online in April, U.S. media report, making it far easier to use in an attack.
The new malware encrypts users' data, rendering it unusable, and demands a $300 ransom for the encryption key, much like the WannaCry program used in last month's attack. This strain, however, appears to bypass anti-malware protections more nimbly.
WannaCry had a "kill switch" that a U.K. researcher discovered and used to stop the attack's spread. This time, no such safeguard has been found. Microsoft released a free security patch to defend against WannaCry, but even some patched computers have been affected by the new malware strike.
An elusive problem
It is unclear who the perpetrators are. Some theorize that hackers seeking money are behind the attack, while others speculate that the aims are political.
The severity of the impact in Ukraine suggests that Russia could have had a hand in the attack, given the two countries' friction over the annexation of the Crimean peninsula, according to a network monitoring official at the Japan arm of U.S. web security company Symantec. Others surmise that the North Korea-linked hacker group Lazarus, suspected in last month's attack, may be to blame again.
Symantec reports that 463,000 ransomware attacks were detected in 2016, up 36% on the year. In many cases, attackers seek payment in the virtual currency bitcoin, which is difficult for investigators to trace. One information technology company purportedly ponied up $1 million in such an attack. The rampant growth of cyber strikes that require no complex preparations looks to make it harder for authorities to identify culprits and stave off attacks.