BERLIN (Reuters) - More than a dozen German firms were hit by a computer virus that infected their Ukrainian subsidiaries and caused thousands of euros of damage by stalling production processes, the head of the German federal cyber agency told Reuters on Thursday.
Arne Schoenbohm, president of the BSI cyber agency, declined to say exactly how many German firms were affected, but said it was a “low two-digit number”, and all the known cases thus far were infected through a Ukrainian subsidiary.
No German government sites were affected, since the infections occurred through Ukrainian accounting software that was not used by German government agencies, Schoenbohm said in a telephone interview with Reuters.
Ukrainian officials on Thursday said the crippling worm, which has paralyzed thousands of machines worldwide, was likely targeted at that country’s computer infrastructure. The virus has shut down ports, factories and offices as it spread through internal organizational networks to an estimated 60 countries.
BSI has urged German firms to report any problems, install software patches when issued and carry out regular anti-virus software updates.
German postal and logistics company Deutsche Post on Tuesday said its Ukrainian division had been hit.
Germany’s BSI estimates that about 60 percent of the infections occurred in the Ukraine, 30 percent in Russia, and the rest spread among other countries, Schoenbohm said, citing external estimates that over 2,000 companies had been hit worldwide.
It was not clear if the main intent was to spread ransomware or to wreak destruction on computer networks, but the incident had “not proven effective as a way to earn money”, he said.
Ransomware payments were limited due to rapid action by German email provider Posteo to shut down an email account used by hackers, Schoenbohm said.
Ukraine, the epicenter of the cyber strike, has repeatedly accused Russia of orchestrating attacks on its computer systems and critical power infrastructure since its powerful neighbor annexed the Black Sea peninsula of Crimea in 2014.
The Kremlin, which has consistently rejected the accusations, said on Wednesday it had no information about the origin of the global cyber attack, which also struck Russian companies such as oil giant Rosneft (ROSN.MM) and a steelmaker.
Reporting by Andrea Shalal; Editing by Toby Davis