Massive extortion cyber attacks hit computers across the globe

A massive ransomware attack has hit thousands of computers across three continents. Government offices, hospitals, multinational companies and private users have been affected.

Photo by: AFP Archive
Photo by: AFP Archive

The attackers used a bug called ransomware which blocks access to files until a ransom is paid.

Updated May 13, 2017

A huge extortion cyber attack hit dozens of nations on Friday, holding computer data for ransom at government offices, hospitals, telecommunications firms and other companies.

The attack appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency and later leaked to the internet.

The United Kingdom's health service was also hit hard as the attack froze computers at hospitals across the country, shutting down wards, closing emergency rooms and bringing medical treatments to a screeching halt.

Related attacks were reported in Spain, Portugal and Russia.

IT security firms Kaspersky Lab and Avast said they had identified the malware behind the attack in upward of 70 countries, although both said the attack had hit Russia hardest.

TRT World's Christine Pirovolakis gives more details.

United Kingdom

Hospitals in areas across the UK found themselves without access to their computers or phone systems.

Many cancelled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.

Most of the affected hospitals were in England, but several facilities in Scotland also reported being hit. Doctors' practices and pharmacies reported similar problems.

Hospitals, with their often outdated IT systems and trove of confidential patient data, are a particularly tempting target.

British Prime Minister Theresa May said there was no evidence that patient data had been compromised in the attack, and that it had not specifically targeted the National Health Service.

"It's an international attack and a number of countries and organisations have been affected," she said.

NHS Digital, which oversees UK hospital cyber security, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.

Russia

The Russian Interior Ministry confirmed that around 1,000 of its computers were hit by the "ransomware" attack, which encrypts data on infected computers and demands payment, usually via the digital currency Bitcoin, to release it.

Interior Ministry spokeswoman Irina Volk told Russian news agencies it had "recorded a virus attack on the ministry's personal computers controlled by a Windows operating system."

She said the ministry's servers haven't been affected and added that ministry experts are now working to recover the system and do necessary security updates.

A source familiar with the matter told Interfax that the ministry did not lose any information in the attacks.

Russian media also said that the Investigative Committee, the nation's top criminal investigation agency, also has been targeted. The committee denied the reports.

Megafon, a top Russian mobile operator, also said it has come under cyberattacks.

Other countries

Leading international shipper FedEx Corp said it was one of the companies whose Microsoft Corp Windows system was infected with the malware that security firms said was delivered via spam emails.

"Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware," a spokeswoman said in a statement. "We are implementing remediation steps as quickly as possible."

Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to US organizations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace.

Ransomware attacks are on the rise around the world. In February 2016, the Hollywood Presbyterian Medical Centre in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Spain, meanwhile, activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers in ransomware attacks.

The National Center for the Protection of Critical Infrastructure says Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack.

The Spanish government said several companies had been targeted in ransomware cyber attack that affected the Windows operating system of employees' computers.

It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Spain's Telefonica was among the companies hit.

In Sweden, a local government office said it had been attacked on Friday with about 70 computers infected.

"We have around 70 computers that have had a dangerous code installed," said Andreaz Stromgren, the mayor of Timra, about 400 km  north of the capital Stockholm.

Stromgren said the computers shut down and restarted with a message saying that the files had been encrypted and demanding payment for access.

Microsoft says protection added

Microsoft said its engineers had added detection and protection against the ransomware attack.

"Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt," a Microsoft spokesman said in a statement.

It said the company was working with its customers to provide additional assistance. 

What is WannaCry?

WannaCry is a form of ransomware that locks up the files on your computer and encrypts them in a way that you cannot access them anymore.

It is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.

In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment. 

Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.

Source: 
TRTWorld and agencies