A cyber attack wreaked havoc around the globe on Wednesday, crippling thousands of computers, disrupting operations at ports from Mumbai to Los Angeles and halting production at a chocolate factory in Australia.
The virus is believed to have first taken hold on Tuesday in Ukraine where it silently infected computers after users downloaded a popular tax accounting package or visited a local news site, national police and international cyber experts said.
The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or lose their data entirely.
More than 30 victims paid up but security experts are questioning whether extortion was the goal, given the relatively small sum demanded, or whether the hackers were driven by destructive motives rather than financial gain.
Ukraine, the epicenter of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbor annexed the Black Sea peninsula of Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the global cyber attack, which also struck Russian companies such as oil giant Rosneft (ROSN.MM) and a steelmaker.
ESET, a Slovakian company that sells products to shield computers from viruses, said 80 percent of the infections detected among its global customer base were in Ukraine, with Italy second hardest hit with about 10 percent.
The aim of the latest attack appears to be disruption rather than ransom, said Brian Lord, former deputy director of intelligence and cyber operations at Britain’s GCHQ and now managing director at private security firm PGI Cyber.
“My sense is this starts to look like a state operating through a proxy … as a kind of experiment to see what happens,” Lord told Reuters on Wednesday.