Major cyberattack hits businesses, hospitals and schools around the world
London / Madrid: A global cyber attack using hacking tools believed to have been developed by the United States National Security Agency has infected tens of thousands of computers in nearly 100 countries, disrupting Britain’s healthcare system and global shipper FedEx.
Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job postings, security warnings, and other legitimate files.
The ransomware encrypted data on computers, demanding payments of $300 to $600 to restore access. Security researchers said they had observed victims paying via the digital currency bitcoin, although they do not know what percentage gave in to the extortionists.
Researchers at security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan being the main targets.
Asian countries did not report any major breaches on Saturday, but officials in the region were scrambling to check, and the extent of the damage may not be known for some time.
China’s state-run news agency Xinhua said some high schools and universities had been affected, without specifying their number or identifying them.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.
International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing corrective measures as quickly as possible,” it said in a statement.
FROM ARGENTINA TO SPAIN
Only a small number of US-based organizations have been affected as hackers appear to have started the campaign by targeting organizations in Europe, said Vikram Thakur, head of research at security software maker Symantec.
By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur added.
Infections by the worm appeared to have diminished considerably after a security researcher purchased a domain to which the malware connects, which inadvertently undermined the malware’s effectiveness.
Making the domain active appears to have curbed the spread of the worm, Thakur said on Saturday.
“The numbers are extremely low and are dropping rapidly,” he said, warning that any change in the original code could cause the worm to flare up again.
The US Department of Homeland Security said Friday evening that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners, and was ready to provide technical support.
Telecommunications company Telefonica was among many targets in Spain, although it said the attack was limited to certain computers on an internal network and did not affect customers or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.
Private security companies identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread over large networks by exploiting a known bug in Microsoft’s Windows operating system.
The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm”, or self-propagating malware, by exploiting a piece of NSA code known as “Eternal Blue”, which was released last month by a group known as the Shadow Brokers, researchers from several private cybersecurity firms said.
“This is one of the biggest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research at Splunk, one of the companies that linked WannaCry to the NSA.
The Shadow Brokers released Eternal Blue as part of a trove of hacking tools they claim belonged to the US spy agency.
Microsoft has said it is rolling out automatic Windows updates to defend customers against WannaCry. It released a patch on March 14 to protect them from Eternal Blue.
“Today, our engineers added detection and protection against new malware known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement Friday, adding that it was working with customers to provide effective additional assistance.
The spread of the ransomware capped a week of cyber unrest in Europe that began the previous week, when hackers released a trove of campaign materials related to French candidate Emmanuel Macron just ahead of a run-off in which he was elected president of France.
Hackers disrupted the websites of several French media companies and aerospace giant Airbus on Wednesday. Additionally, the hack occurred four weeks ahead of a UK general election in which national security and the management of the state-run National Health Service (NHS) are important issues.
UK authorities braced for cyber attacks in the run-up to the vote, as happened in last year’s US election and on the eve of the French vote.
But these attacks – blamed on Russia, which has repeatedly denied them – followed a different modus operandi of breaking into the accounts of individuals and political organizations, then distributing pirated material online.
Russia’s Interior and Emergency Ministries, as well as its largest bank, Sberbank, said on Friday they were targeted. The Interior Ministry said on its website that around 1,000 computers had been infected but that it had located the virus.
The Emergency Ministry told Russian news agencies it had repelled the cyber attacks, while Sberbank said its cybersecurity systems had kept viruses out of its systems.
NEW BREED OF RANSOMWARE
Although cases of cyber extortion have been on the rise for several years, they have so far affected small and medium-sized organizations, disrupting the services provided by hospitals, police departments, public transport systems and public utilities in the United States and Europe.
“Seeing a large telecommunications company like Telefonica be affected is going to worry everyone. Now ransomware is affecting large companies with more sophisticated security operations,” said Chris Wysopal, chief technology officer at cybersecurity company Veracode.
The news is also likely to embolden extortionists when selecting targets, said Chris Camacho, chief strategy officer at cyber-espionage firm Flashpoint.
In Spain, some large companies have taken preventative measures to thwart ransomware attacks following a warning from the National Cryptology Center of “a massive ransomware attack”.
Iberdrola and Gas Natural, as well as Vodafone’s unit in Spain, have asked staff to turn off computers or cut internet access in case they have been compromised, company representatives said.
The attacks did not disrupt the provision of services or the functioning of victims’ networks, the Spanish government said in a statement.
© Thomson Reuters 2017
(This story was not edited by NDTV staff and is auto-generated from a syndicated feed.)