Sony Pictures struggles to restore systems, 8 days after cyber attack with rare virus

An entrance to Sony Pictures Entertainment is pictured in Culver City, California in this April 14, 2013 photo. -- PHOTO: REUTERS
An entrance to Sony Pictures Entertainment is pictured in Culver City, California in this April 14, 2013 photo. -- PHOTO: REUTERS

LOS ANGELES/WASHINGTON/BOSTON (Reuters) - Eight days after a massive cyber attack on Sony Pictures Entertainment, the Hollywood studio was still struggling to restore some systems on Tuesday evening as investigators combed for evidence to identify the culprit.

Some employees at the Sony Corp entertainment unit studio were given new computers to replace ones that had been attacked with the rare data-wiping virus, which had made their machines unable to operate, according to a person with knowledge of Sony's operations.

The hack, which was launched on Nov 24, only affected computers with Microsoft Corp's Windows software, so Sony employees using Apple Inc Macs, including many in the marketing department, had not been affected, according to the person who was not authorised to publicly discuss the attack.

The difficulties to restore service at Sony underscore the severity of the breach, which experts say is the first major attack on a US company to use a highly destructive class of malicious software that is designed to make computer networks unable to operate.

Government investigators led by the FBI are considering multiple suspects in the attack, including North Korea, according to a US national security official with knowledge of the investigation.

The FBI on Monday warned US businesses about hackers' use of malicious software and suggested ways to defend themselves. The warning said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.

Sony Pictures Entertainment shut down its internal computer network last week to prevent the data-wiping software from causing further damage, forcing employees to use paper and pen.

The studio has brought back some systems on line, focusing first on those from which the company generates revenues, including those involved with marketing and distributing its films and TV shows, according to the person with knowledge of the studio's operations.

Representatives with the California-based studio have declined to publicly comment on the extent of the breach or discuss who they suspect is behind the attack.

The US national security official, who asked to remain anonymous, told Reuters on Tuesday that the forensic investigation is in its early stages, and that no clear suspects have emerged.

But the official said multiple suspects are being assessed, including the North Korean government, other nations and private parties.

Representatives with the FBI and Department of Homeland Security, which are investigating the breach, declined to comment.

The technology news site Re/code reported on Nov 28 that Sony was investigating whether hackers working on behalf of the North Korean government were responsible for the attack as retribution for the company's backing of the film The Interview.

The comedy, which is due to be released in the United States and Canada on Dec 25, is about a Central Intelligence Agency plot to assassinate North Korean leader Kim Jong Un. Pyongyang denounced the film as "an act of war" in a letter to UN Secretary-General Ban Ki Moon in June.