The source of aTuesday that disabled automated systems in governments, banks, grocery stores, an airport and more throughout Europe and the U.S. is still a mystery as several experts singled out a Ukrainian accounting software as the culprit.
“The suspicions are that this is a criminal motive. Why? because they’re asking for money,” Carl Herberger from Radware cybersecurity told CBS News’ Elizabeth Palmer.
The attack, a variation of the ransomware Petya, started in Kiev and spread all over the world. It had two layers of encryption — meaning files and their backups could be infected — which is more advanced than most cyberattacks, CNET’s Alfred Ng told CBSN. Security experts said the attack shares a similarity with last month’s WannaCry attack: Both spread by using digital break-in tools purportedly created by the U.S. National Security Agency and recently leaked online.
Infected computers told users to pay $300 in. Corporate titans from New Jersey-based Merck pharmaceuticals to the Danish shipping company Moller Maersk to were hit in the attack.
How the software was spread is not yet known, but several experts singled out Ukrainian accounting software called MEDoc — which in a brief message posted to its website — acknowledged having been hacked. A series of tweets issued by Ukraine’s cyberpolice unit singled out MEDoc.
Several vendors — including Kaspersky Lab and Cisco — have already identified MEDoc as a likely vector for the initial infections. Ukraine’s cyberpolice said Tuesday that the rogue update occurred around 10:30 a.m. local time, seeding the infection to an undisclosed number of organizations across the country. Then, just as a few dropped matches can feed a…