Germany’s BSI federal cyber agency said on Friday that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week.
Analyses by computer experts showed that waves of attacks had been launched via software updates of the M.E.Doc accounting software since April, the BSI said in a statement.
That meant that companies that used the software might have been infected by the malicious software, even if there were no obvious signs of a breach, BSI said. Data backups carried out after April 13 should also be viewed as compromised.
“Some German firms have seen production and other critical processes laid still for over a week,” BSI President Arne Schoenbohm said. “It has resulted in millions of euros of damage, and this in a case where Germany got off lightly.”
BSI last week said more than a dozen German companies had been affected by the virus which has been dubbed “NotPetya” by some experts, all via a subsidiary in Ukraine.
The Ukrainian software firm used to launch the global cyber attack this week said all computers sharing a network with its infected accounting software had been compromised by hackers.
The German statement added to the growing conviction among experts that the global attack was more harmful than initially believed. The virus took down thousands of computers in dozens of countries, disrupting shipping and businesses.
German security officials are still investigating the origin of the virus and do not have reliable data to confirm a claim by the Ukrainian government that Russia was behind the attack.
Chancellor Angela Merkel is hosting Russian President Vladimir Putin and other world leaders in Hamburg this week, but there has been little public discussion about cyber security.
Schoenbohm said the latest attacks were at least harmful as the WannaCry ransomware attacks seen in May.
The agency said it had information making clear that significant efforts were required to restore business processes once infected.
“We must continue to increase Germany’s resilience in the wake of cyber attacks,” Schoenbohm said.
The agency urged German companies to separate networks that had the M.E. Doc software installed, to increase network surveillance and to look for any signs of compromise.
Password changes and software updates for all infected networks were crucial, the agency said, noting that companies should also review administrative settings for networks.