A Cadbury chocolate factory in Tasmania could be the first Australian victim of a new global ransomware attack, reportedly suspending activity at the facility.
The Claremont, Hobart factory was reportedly crippled by a variant of the Petya virus known as Goldeneye, which has locked up staff workstations, displaying a black screen with DOS-style text informing users their files would no longer be accessible unless they sent a stated amount to a specified Bitcoin address. One screenshot posted to Twitter showed the amount to be $300.
The attack appears to have affected Cadbury's parent company Mondelez, which said it was working to address the global IT outage and contain further exposure to its network.
"Our teams are working offline in an effort to maintain business continuity with our customers and consumers around the world. We will share updates with our suppliers and partners as they become available," the company said. "At this time, we do not know when our systems will be restored but we appreciate everyone’s patience, understanding and partnership during this process."
According to a report by the ABC, a union official said the facility’s computer system went down at 9.30pm on Tuesday evening.
A security advisory released by Sydney-based cyber security firm Content Security says the virus is delivered via a phishing email with a .doc attachment, one example of which has been seen named 'Order-20062017.doc'. The document exploits a vulnerability in Microsoft Office and Wordpad to execute code and begin a chain of exploitation. Once a machine is infected, the virus spreads within the network using the same exploit used by the WannaCry virus.
The Petya virus has spread rapidly across the globe using the same tools exploited by the recent WannaCry attacks.
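The two stages Content Security describes, a lure document arriving by email and SMB-based spread inside the network (the WannaCry exploit targets the SMB service on TCP/445), each leave a log trail a defender can check. The following triage sketch is an added example, not code from the article or from Content Security. It runs over constructed mail-gateway and firewall log lines whose field layout is invented for this example, and the only real indicator it uses is the 'Order-20062017.doc' filename named in the advisory.

```python
"""Triage sketch for the two stages the advisory describes: a phishing
.doc attachment, then SMB-based spread inside the network.
Log formats below are constructed for this example, not taken from any
real gateway or firewall product."""
import re
from collections import defaultdict

# Constructed mail-gateway lines: timestamp sender recipient attachment
MAIL_LOG = """\
2017-06-27T09:02:11 sender=invoices@example-supplier.test rcpt=ap@corp.test attach=Order-20062017.doc
2017-06-27T09:05:40 sender=hr@corp.test rcpt=staff@corp.test attach=Holiday-Roster.xlsx
2017-06-27T09:07:03 sender=billing@example-vendor.test rcpt=finance@corp.test attach=Order-21062017.doc
2017-06-27T09:09:55 sender=ceo@corp.test rcpt=board@corp.test attach=Q2-summary.pdf
"""

# Constructed firewall lines: timestamp src dst dport action
FW_LOG = """\
2017-06-27T21:31:02 src=10.20.1.15 dst=10.20.1.22 dport=445 action=allow
2017-06-27T21:31:02 src=10.20.1.15 dst=10.20.1.23 dport=445 action=allow
2017-06-27T21:31:03 src=10.20.1.15 dst=10.20.1.24 dport=445 action=allow
2017-06-27T21:31:03 src=10.20.1.15 dst=10.20.1.25 dport=445 action=allow
2017-06-27T21:31:04 src=10.20.1.15 dst=10.20.1.26 dport=445 action=allow
2017-06-27T21:31:09 src=10.20.1.40 dst=10.20.1.5 dport=445 action=allow
2017-06-27T21:31:10 src=10.20.1.41 dst=10.20.1.5 dport=443 action=allow
"""

ATTACH_RE = re.compile(r"attach=(?P<name>\S+)")
# Office documents named like an order/invoice lure; the 8-digit date run
# mirrors the 'Order-20062017.doc' sample named in the advisory.
LURE_RE = re.compile(r"^Order-\d{8}\.(doc|docx|rtf)$", re.IGNORECASE)
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def suspicious_attachments(log: str) -> list[str]:
    """Return attachment names matching the order-style Office lure pattern."""
    hits = []
    for line in log.splitlines():
        m = ATTACH_RE.search(line)
        if m and LURE_RE.match(m.group("name")):
            hits.append(m.group("name"))
    return hits


def smb_fanout(log: str, threshold: int = 3) -> dict[str, int]:
    """Map each source host to the number of distinct peers it reached on
    TCP/445, keeping only sources at or above `threshold`. A workstation
    that suddenly talks SMB to many peers is the spread pattern to check."""
    peers = defaultdict(set)
    for line in log.splitlines():
        m = FW_RE.search(line)
        if m and m.group("dport") == "445":
            peers[m.group("src")].add(m.group("dst"))
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    print("lure attachments:", suspicious_attachments(MAIL_LOG))
    print("SMB fan-out hosts:", smb_fanout(FW_LOG))
```

The filename match is deliberately narrow so it stays a low-noise indicator; the fan-out count is the more durable check, because it does not depend on the lure name and catches the SMB propagation stage regardless of how the first host was infected.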
CRN’s sister site iTnews reported the Goldeneye variant of the new encryption virus as having two layers of encryption: individual files are encrypted, and so are the NTFS structures of the disk. Goldeneye encrypts the entire hard disk drive before locking its users out.
The campaign of attacks began on Tuesday, taking out servers at Russia’s biggest oil company, disrupting operations at Ukrainian banks and shutting down computers at multinational shipping and advertising firms.
British multinational advertising agency WPP has reportedly been hit, with agency trade publications reporting the company has ceased operating on desktop workstations.