Ransomware halts production at Cadbury's Tasmanian chocolate factory

Chocolate production at Cadbury's factory in Hobart has been stopped by the latest global cyber attack.
Written by Chris Duckett, Contributor

Production at Cadbury's famous chocolate factory in Hobart has ground to a halt after its parent company was engulfed in the latest malware attack sweeping the world.

The Australian Manufacturing Workers' Union's Tasmanian secretary John Short said production stopped about 9.30pm on Tuesday after computers stopped working at the factory, which is owned by Spanish food giant Mondelez.

Short said the factory's 500 employees, who produce about 50,000 tonnes of chocolate a year, turned up for work on Wednesday, but it's unclear how long it will take to restore the computer systems so production can resume.

"Obviously we're hopeful it's not going to be too long but we're not sure how severe the attack is," Short told AAP.

Unlike the recent WannaCry incident in which Australia remained relatively unscathed, the country has felt this latest malware outbreak.

Delivery giant TNT and international legal firm DLA Piper, both of which have offices across Australia, are among those struggling to get their computers working again after they were frozen by the Petya virus.

A TNT spokeswoman said customers in Australia are experiencing some interruptions to deliveries.

"We are assessing the situation and are implementing remediation steps as quickly as possible," she said.

Australian Minister Assisting the Prime Minister for Cyber Security Dan Tehan called on any affected local businesses to contact the Australian Cyber Security Centre.

"This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches," he said.

Initial reports of the malware outbreak arrived from Ukrainian banks, energy companies, Kiev's Boryspil International airport, and the radiation monitoring facility at Chernobyl.

British advertising firm WPP, which has offices in Australia, was also swept up in the attack.

Security firms have said the ransomware is a Petya strain called GoldenEye that encrypts entire drives rather than just files. However, researchers at Kaspersky Lab have dubbed it NotPetya and say it is ransomware that has not been seen before.

The ransomware demands a bitcoin payment to a now-defunct email address, after it was blocked by email provider Posteo. At the time of writing, the bitcoin wallet tied to the ransomware had collected around $8,800 in ransoms.

Current wisdom from security experts suggests this malware encrypts on boot, and that seeing a CHKDSK message means the machine is infected but the drive is not yet encrypted, so data should be salvageable by booting from a LiveCD.

It also appears that creating a file named perfc, perfc.dat or perfc.dll may inoculate machines against the malware.
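For administrators who want to apply that reported workaround consistently, the following PowerShell sketch is an added example, not code from the article or from any vendor. It assumes the marker files belong in the Windows directory and should be read-only, details the article does not state; the function name Set-PerfcMarker is hypothetical.

```powershell
# Added example: idempotently place the marker files named in the article.
# Assumptions (not stated in the article): the files go in $env:WINDIR
# and are marked read-only. Set-PerfcMarker is a hypothetical name.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Directory = $env:WINDIR,
        [string[]]$Name = @('perfc', 'perfc.dat', 'perfc.dll')
    )
    foreach ($n in $Name) {
        $path = Join-Path -Path $Directory -ChildPath $n
        $action = 'AlreadyPresent'

        # Create an empty file only when nothing exists at that path.
        if (-not (Test-Path -LiteralPath $path)) {
            if ($PSCmdlet.ShouldProcess($path, 'Create empty marker file')) {
                New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
                $action = 'Created'
            } else {
                $action = 'WouldCreate'
            }
        }

        # Mark the file read-only; skip if the path is a directory.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item -and -not $item.PSIsContainer -and -not $item.IsReadOnly) {
            if ($PSCmdlet.ShouldProcess($path, 'Set read-only')) {
                $item.IsReadOnly = $true
            }
        }

        # One status object per marker, suitable for logging or fleet reports.
        [pscustomobject]@{
            Path     = $path
            Action   = $action
            ReadOnly = [bool]($item -and $item.IsReadOnly)
        }
    }
}

# Run from an elevated prompt; add -WhatIf for a dry run.
Set-PerfcMarker | Format-Table -AutoSize
```

Because the function only creates files that are missing, it can be re-run safely, and the returned objects show which machines already had the markers.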

With AAP
