Cyberattack | Online group re-emerges to taunt US intelligence

A computer screen cyberattack warning notice reportedly holding computer files to ransom, as part of a massive international cyberattack, at an office in Kiev

The day after a particularly virulent strain of ransomware burst across the globe, the mysterious Shadow Brokers group has re-emerged to taunt the U.S. National Security Agency.

It’s a possible hint at the shadowy spy games being played behind the scenes of the cybersecurity crisis.

The Shadow Brokers, who have spent nearly a year publishing some of the American intelligence community’s most closely guarded secrets, posted a new message to the user-driven news service Steemit yesterday carrying new threats, a new money-making scheme and nudge-nudge references to the ransomware explosion that continues to cause disruption from Pennsylvania to Tasmania.

“Another global cyber attack is fitting end for first month of theshadowbrokers dump service,” the group said, referring to a subscription service which purportedly offers hackers early access to some of the digital NSA’s break-in tools. “There is much theshadowbrokers can be saying about this but what is point and having not already being said?”

Kaspersky Lab says a massive cyberattack that has locked computers across the world involved a new malware.

The company said that its preliminary findings suggest that it is not a variant of Petya ransomware, as some reports indicated, but a new ransomware that has not been seen before.

It named it ExPetr, noting that “while it has several strings similar to Petya, it possesses entirely different functionality.”

The company said its telemetry data indicates around 2,000 attacked users so far. It added that organizations in Russia and Ukraine were the most affected, and hits were also registered in Poland, Italy, the U.K., Germany, France, the U.S. and several other countries.

It added that the cyberattack involved modified EternalBlue and EternalRomance exploits.

In Ukraine, the cabinet said an outburst of malicious software has been contained.

The ransomware that paralyzed computers across the world hit Ukraine hardest Tuesday, with victims including top-level government offices, energy companies, banks, cash machines, gas stations, and supermarkets.

The Cabinet said yesterday’s statement that the cyber-assault has been stopped and the situation now is under “full control.”

It added that “all strategic assets, including those involved in protecting state security, are working normally.”

Ukrainian railways said in a separate statement that the cyberattack has caused some disruptions with money transactions, but its operations haven’t been affected.

In Russia, Rosneft oil company says some of its gas stations have been affected by the outbreak of malicious software, but production operations haven’t been hurt.

The company said yesterday it’s too early to assess the damage from malicious software that has crippled computers across the world.

It acknowledged that it has faced some problems, which are being dealt with quickly. Rosneft said cash registers at some of its gas stations have been affected, but didn’t offer further details.

Rosneft emphasized that its production cycle hasn’t been affected by ransomware.

The Kremlin said that a ransomware attack that has affected computers across the world highlights the need for close international cooperation in fighting cybercrime.

Russian President Vladimir Putin’s spokesman Dmitry Peskov said the attack “again proves the Russian thesis that such a threat requires cooperation on the global level.” MDT/AP