SYDNEY (Reuters) - A Cadbury chocolate factory has become the first Australian business to be hit by a global cyber attack, a trade union official said, underscoring the rapid spread of the latest ransomware extortion campaign.
The attack has already disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.
Production at the Cadbury factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.
Factory workers “weren’t sure what it was but, as the night’s gone on, they’ve realised there’s been some significant attacks around the world”, Short told Reuters.
Cadbury owner Mondelez International Inc said in a statement released overnight staff in various regions were experiencing technical problems but it was unclear whether this was due to a cyberattack.
A Mondelez spokeswoman in Australia had no immediate comment.
The Cadbury factory, which employs about 500 people, makes about 50,000 tonnes of chocolate a year, mostly for sale in Australia. Production remained frozen on Wednesday morning and it was unclear when it would resume, Short said.
Australian staff of global law firm DLA Piper Ltd were quoted telling domestic media they were shut out of their computer systems because of the attack. DLA Piper said in a statement it was hit by a suspected malware attack and that it was “taking steps to remedy the issue”.
Australian Cyber Security Minister Dan Tehan said the attack, a month after the similar WannaCry attack, was “a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches”.
The latest ransomware virus, named “Petya”, has crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanding $300 in bitcoin to restore access.
It includes code known as “Eternal Blue”, which cyber security experts widely believe was stolen from the U.S. National Security Agency and was also used in the WannaCry attack.
Mike Sentonas, regional vice president of U.S. cybersecurity company CrowdStrike Inc, said it was unclear how many Australian computers were affected by the latest attack but “what is different about this ransomware is its ability to spread, even if a computer has been patched”.
Reporting by Byron Kaye; Editing by Paul Tait