Lyttelton Port suspends operations over WannaCry ransomware attack

UPDATE 6.15pm:  Lyttelton Port will suspend operations tomorrow to secure its IT system over threats from the global WannaCry ransomware cyber attack. 

The council-owned port says an IT outage will be in place from 11pm Tuesday until 7am on Wednesday to let its IT department install measures "to limit the risk of attack to our IT systems" in response to the ransomware attack. The outage will give the port's system the required security to respond to the threat. 

"Due to this outage, operations will be temporarily suspended during this time. There will be no R&D (receiving and delivering) throughout this period," the statement says. "The outage will also affect use of the N4 Export Pre-advise system, which is used to help manage containers."

In another development, Cert warns that phone scammers are trying to exploit fears over WannaCry. The calls are a variation on a long-standing scam where hackers pretend to be Microsoft support. Read the Crown agency's adivsory on the scam, and its latest guide to protecting yourself, here.

EARLIER: Security expert warns WannaCry ransomware makers have retooled and got around the kill switch activation.

A security expert is warning that the worldwide WannaCry ransomware attack is not over yet.

Over the weekend, initial panic was mollified after a 22-year-old UK computer geek discovered – then triggered – a kill switch in the malicious software, which locks up data on a Windows PC and will only free it if $US400 in Bitcoin is handed over.

Symantec cyber-security strategy manager Nick Savvides says, “We’re already seeing variants that might not have the kill-switch.”

There were fears that with white collar workers returning to the office today, there would be a fresh upsurge in infections.

A screen grab from a PC infected with WannaCry. Its creators leave enough functionality on a PC for its owner to pay their $US400 ransom, plus admirably (if that's the word) clear and concise instructions for how to pay it in Bitcoin.

As of midday, the government's newly-formed Computer Emergency Response Team or "Cert" (Cert.govt.nz) was reporting no PCs hijacked by WannaCry in New Zealand – contradicting interactive maps released by several security software makers that showed a sprinkling of attacks hitting our shores. Later in the day, it tweeted "We've received a small number of unconfirmed reports of #wannacry #ransomware affecting NZers."

Mr Savvides says publicity over the weekend will have dampened WannaCry’s impact today. People have updated security software or Windows updates (see links to Microsoft’s rush-released Windows security patches here) and are exercising caution over email attachments (the WannaCry crew keep mixing it up but often “phishing” emails used to spread malware involve attachments that purport to be invoices; be wary of any unexpected invoices or other unexpected documents).

However, he says it’s certain that some New Zealanders have been hit.

Victim shame or embarrassment often prevents people or companies reporting infections, he says.

Cert did not officially respond to an NBR request for comment but one of the agency's advisers told NBR he had only fielded one WannaCry inquiry as of midday, and no reports of infections (a mitigating circumstance: many businesses will be unaware Cert exists at this point).

Mr Savvides says his company has tracked a huge increase in ransomware attacks recently.

He says Symantec is aware of hospitals and even police departments in the US who have paid up to get critical data back.

Like Netsafe, he recommends not paying up (although there is at least one contrarian voice on that matter in the legal community).

He says there is a "gold rush" mentality as crews of hackers see how much money others are making from the jape, then follow suit. In the immediate future, he sees the problem getting worse.

With reporting by BusinessDesk