Global scramble to tackle new malware; Singapore largely unscathed

Many organisations here have patched systems, but experts say worst is not over yet

Virus hits European computer servers.VIDEO: REUTERS

While some of the world's governments and largest organisations scramble to restore services in the aftermath of the latest ransomware attack, Singapore's key installations and services have largely dodged the bullet - so far.

Experts warn that the worst is not over yet, with the latest attack, which has hit countries in Europe, India and the United States, still infecting systems worldwide.

NotPetya, which first emerged on Tuesday, has struck governments, advertising agencies and port operators globally - with the most severe impact reported in Russia, Ukraine and some other parts of Europe.

Singapore largely escaped the latest attack as many organisations had patched their vulnerable systems following last month's WannaCry ransomware scare, system integrators told The Straits Times.

The Singapore authorities confirmed they have not received any report on NotPetya ransomware infection here so far. In a joint statement yesterday, Singapore's Cyber Security Agency and GovTech said: "None of Singapore's 11 critical information infrastructure sectors was affected; our government systems have not been affected."

The Government is closely monitoring the global situation, while GovTech has implemented measures in government systems to keep malware, including ransomware, at bay. However, the Singapore offices of some international firms, including British advertising giant WPP, were affected.

Some Singapore staff of WPP's agencies told ST that they received an internal memo yesterday informing them to shut down all computers. As a precaution, some employees were using their own computers to work. Some also worked from home yesterday.

NotPetya is said to be more dangerous and intrusive than WannaCry, which subsided after a kill switch was accidentally applied last month.

Mr Jeffrey Kok, CyberArk's technical director for Asia-Pacific and Japan, said: "It is hard to predict NotPetya's impact on Singapore and Asia just yet. NotPetya is more potent than WannaCry and does not have a kill switch."

NotPetya, a variant of the Petya ransomware that first surfaced in March last year, is expected to continue to infect vulnerable systems missed by WannaCry, he added.

NotPetya works in similar ways as WannaCry by exploiting the same Microsoft Windows system vulnerability. Unsuspecting e-mail users who click on infected attachments will unleash the NotPetya worm, and cause it to spread to other connected computers.

Infected systems have been locked down, with a ransom demand of US$300 (S$415) in cryptocurrency to unlock each system.

Russia's top oil producer Rosneft and the Ukrainian government were among the first to be hit. India's largest container operation, Jawaharlal Nehru Port Trust, was reportedly disrupted. Pharmaceutical giant Merck said some of its US facilities were hit, while production at a Cadbury chocolate factory in Tasmania, Australia, ground to a halt.

Mr Steve Ledzian, senior director at FireEye, a security systems specialist, said organisations should promptly install software updates and patches to minimise their exposure to malware. Critical files must be backed up daily, and the copies encrypted and kept offline.

Experts have also advised against paying the ransom. Said Mr Nick Fitzgerald, a senior research fellow at security software maker ESET Asia-Pacific: "People shouldn't pay the ransom as they will not be able to receive the decryption key."


A version of this article appeared in the print edition of The Straits Times on June 29, 2017, with the headline 'Global scramble to tackle new malware; S'pore largely unscathed'. Subscribe