Companies, governments assess damage from latest malware

AP PHOTO
A screen of an idle virus affected cash machine in a state-run OshchadBank says "Sorry for inconvenience/Under repair" in Kiev, Ukraine, Wednesday.

AP PHOTO A screen of an idle virus affected cash machine in a state-run OshchadBank says "Sorry for inconvenience/Under repair" in Kiev, Ukraine, Wednesday.

PARIS — Companies and governments around the world on Wednesday counted the cost of a software epidemic that has disrupted ports, hospitals and banks.

Logistics firm FedEx says deliveries by its TNT Express subsidiary have been “slowed” by the cyberattack, which had “significantly affected” its systems.

Ports operated by the Danish shipping giant A.P. Moller-Maersk are still crippled. An Alabama port official, James K. Lyons, said crews at Maersk’s APM terminal in Mobile, Alabama, have been loading and unloading containers in manual mode, without the normal computerized coordination. The company’s operations were shuttered in Mumbai, India, Port Elizabeth, New Jersey, and Los Angeles, among others.

In a statement, Moller-Maersk acknowledged that its APM Terminals had been “impacted in a number of ports” and that an undisclosed number of systems were shut down “to contain the issue.” The company declined to provide further detail or make an official available for an interview.

Ukraine, which was hardest hit and where the attack likely originated, said it had secured critical state assets — though everyday life remained affected, with cash machines out of order and airport displays operating manually.

As the impact of the cyberattack that erupted Tuesday was still being measured at offices, loading docks and boardrooms, the Ukrainian Cabinet said that “all strategic assets, including those involved in protecting state security, are working normally.”

But that still left a large number of non-strategic assets — including dozens of banks and other institutions — fighting to get back online. Cash machines in Kiev seen by an Associated Press photographer were still out of order Wednesday, and Ukrainian news reports said that flight information at the city’s Boryspil airport was being provided in manual mode.

A local cybersecurity expert discounted the Ukrainian government’s assurances.

“Obviously they don’t control the situation,” Victor Zhora of Infosafe in Kiev told the AP.

At the very least, cybersecurity firms say thousands of computers worldwide have been struck by the malware, which goes by a variety of names, including ExPetr.

In Pennsylvania, lab and diagnostic services were closed at the satellite offices of the Heritage Valley Health System. In Tasmania, an Australian official said a Cadbury chocolate factory had stopped production after computers there crashed. Other organizations affected include U.S. drugmaker Merck, food and drinks company Mondelez International, global law firm DLA Piper, and London-based advertising group WPP.

But most of the damage remains hidden away in corporate offices and industrial parks.

As IT security workers turned their eye toward cleaning up the mess, others wondered at the attackers’ motives. The attack has the telltale signs of ransomware, which scrambles a computer’s data until a payment is made, but some experts believe this attack was less aimed at gathering money than at sending a message to Ukraine and its allies.