28 Jun 2017

Global cyber attack affects New Zealand

6:41 pm on 28 June 2017

Local arms of global companies are shutting down operations as a precaution against a worldwide ransomware attack.

A laptop displays a message after being infected by the NotPetya ransomware as part of a worldwide cyberattack.

A laptop displays a message after being infected by ransomware as part of this week's worldwide cyberattack. Photo: AFP

The ransomware virus cripples computers running Microsoft Corp's Windows by encrypting hard drives and overwriting files, then demands $US300 in bitcoin payments to restore access.

It includes code known as Eternal Blue, which cyber security experts widely believe was stolen from the US National Security Agency and was also used in last month's ransomware attack, named WannaCry.

A major international law firm, DLA Piper, has shut down its New Zealand office among others because of the attack.

DLA Piper said its office was having trouble getting external emails but all client data was secure.

DLA Piper told its Australian employees it had been the victim of a "major cyber incident" overnight.

Its Washington DC office was apparently affected, and DLA told Australian staff via text early this morning that all IT systems had been taken down to contain the situation.

The company said it was was unlikely IT systems in the Asia-Pacific region would be fully restored during the day, the ABC reported.

Maersk New Zealand managing director Gerard Morrison said local IT systems that were part of the shipping company's global system were largely out of action, and customers could be affected at least until tomorrow.

The market research firm Colmar Brunton has also shut down operations as a precaution since its British parent company was attacked.

The Cadbury chocolate factory in Hobart has also been targeted, the ABC reported.

A hand enters account details on a laptop (file)

New Zealanders worried about the global cyber attack have been told to back up their systems and store files outside their network Photo: TEK IMAGE / SCIENCE PHOTO LIBRARY / ABO / Science Photo Library

A union official said production at Cadbury's Claremont facility was halted when the computer system went down about 9.30pm yesterday in what was described as a "cyber attack".

It was understood cyber attackers were demanding a ransom in bitcoin currency, the ABC said.

Cadbury owner Mondelez International had said its staff in different regions were experiencing technical problems, Reuters reported.

Mondelez said some of its New Zealand systems were affected but production in Dunedin was unchanged.

A terminal operated by the shipping giant Moller-Maersk at India's biggest container port had to shut down its computer systems because of the attack.

The facility, called Gateway Terminal India, was unable to identify which shipment belonged to whom.

The major global cyber attack, dubbed GoldenEye or Petya, has disrupted servers at Russia's biggest oil company and Ukraine's international airport.

Russian oil company Rosneft said its systems had suffered "serious consequences" but production had not been affected because it switched over to backup systems. Maersk reported outages at facilities including its Los Angeles terminal. WPP, the world's largest advertising agency, said it was also infected.

Russia and Ukraine were most affected, with other victims spread across countries including the United States, Britain, France, Germany, Italy, Poland.

Banks in the Ukraine were hit by the malware. This banking machine in Kiev was unable to dispense cash "for technical reasons".

Several banks were hit in Ukraine, one of the worst affected countries. This banking machine in Kiev was unable to dispense cash. Photo: AFP

Cyber crime reporter Kim Zetter said once the malware got into a system administrator it could spread to all parts of an international company's network.

New Zealand's cyber emergency response authority, Cert NZ, advised people to back up their systems and store files outside their network. If the ransomware did hit, people should turn off their computer, and not turn it on again, as an IT specialist may be able to recover the files.

Nick Savvides, strategist at security firm Symantec, said New Zealand was not immune to the fast-growing area of cyber crime.

"It's attracting more and more criminals and more and more unsophisticated criminals who go and buy ransomware toolkits on the black market and try their hand at making money."

The ransomware was not hugely sophisticated but had spread quickly because companies hadn't protected their systems against it, he said.

- RNZ / ABC / Reuters

Get the new RNZ app

for ad-free news and current affairs