A recent global ransomware attack that hit Australia’s Tasmanian Cadbury factory has sparked speculation of a Russian conspiracy with roots in the Kremlin.
Vice reported overnight that the attack initially targeted Ukraine’s infrastructure, before spreading around the world and locking down computer systems with demands for ransom in the Bitcoin currency.
The attack affected many high-profile companies across the world, including shipping giant Maersk, and the Chernobyl nuclear reactor radiation monitoring system.
It is believed that the ransomware was spread in attempt to destroy data on infected systems.
“Experts believe the real attack has been camouflaged to deflect attention from a state-sponsored attack on Ukraine, orchestrated by the Kremlin as part of its ongoing destabilization campaign against its neighbour,” Vice reported.
Comae Techologies said the malware was designed to masquerade as ransomware, but was, in fact, a malware that destroys all records from the system it infects.
Comae founder Matt Suiche said he believed the ransomware was a lure used to control the media surrounding the attack.
“[It was used] to attract the attention on some mysterious hacker group rather than a national state attacker,” he said.
PGI Cyber managing director Brian Lord said the aim of the attack appeared to be disruption rather than ransom.
“My sense is this starts to look like a state operating through a proxy as a kind of experiment to see what happens,” he said.
The attack has highlighted a failure by companies who fell victim to the hacking to adequately secure their networks.
Australian Manufacturing Workers’ Union state secretary John Short said he thought Cadbury would have better protection for its systems.
“It’s a highly advanced site and highly automated. Most of the production process is controlled by computers,” he told ABC Radio Hobart.
“I would have thought most companies would have been right on ball when it comes to making sure their computer systems are protected, because if you’re not protecting the computer systems then workers will be affected by that.”
There are important steps that businesses should take to ensure the best defence against future malware and ransomware attacks; installing the latest software updates, patching against software vulnerabilities and having up-to-date protection software.