The cyber-attack which initially targeted Russia and the Ukraine is also spreading to elsewhere in the world. The Danish transport and logistics company, Maersk, which in particular operates from the port of Zeebrugge, and the biopharmaceutical company MSD, actively trading in Belgium, were also affected. The Federal Computer Crime Unit (“FFCU”) has not yet received any indication of other companies affected in Belgium. This has been indicated by its Director, Walter Coenraets.
The cyber-attack initially hit the Ukrainian authorities and the Russian energy giant Rosneft. The pirates are hiding behind the virus Petrwrap, a modified version of the ransomware, Petya. They are demanding 300 dollars for each computer affected. This information comes from a Russian company specialising in hacking, Group-IB.
In Belgium, Maersk, through its subsidiary APM, is currently experiencing difficulties in operating out of its Zeebrugge terminals. Joachim Coens, the Director of the Bruges port, says, “The IT system which manages these operations is currently disabled. We are having to do everything manually.”
The Director of Communications at MSD, which produces medicines, is also coming up against issues. MSD is a subsidiary of the giant Merck & Co Inc., the first company in the US to be hit by the virus. De Tijd reports that the food business, Mondelez, was also faced with IT problems.
Contacted by the Belga press agency, the Computer Crime Unit indicated that it did not know of other Belgian companies affected by the virus. The director of the unit, Walter Coenraets, said, “We are in the process of analysing ransomware samples to determine where this virus is coming from.”
Information which the FCCU has obtained, indicates that the current cyber-attack may originate from vulnerabilities that the NSA (National Security Agency) had discovered within the operating system Windows XP, and which reached the Internet despite the NSA’s infrastructure. Olivier Bogaert, the Commissioner at the FCCU warned, “This type of attack may multiply in the future.”
Companies or private individuals attacked by the virus can go to the Federal Cyber Emergency Team (cert.be) for information or to make a complaint. The FCCU is seeking samples of the ransomware to be able to analyse it.