The extortion attacks, which locked computers and held users' files for ransom, is believed to be the biggest of its kind ever recorded.

Hundreds of thousands of PCs are witnessing this lockscreen after their units were hijacked during global cyber attacks on May 12, 2017.
Hundreds of thousands of PCs are witnessing this lockscreen after their units were hijacked during global cyber attacks on May 12, 2017.

Global cyber attacks exploiting hacking tools believed to have been developed by the US National Security Agency has infected hundreds of thousands of computers in at least 99 countries.

Teams of technicians have been working "around the clock" since Friday to restore hospital computer systems in Britain and check transport services in other nations.

The extortion attacks, which were carried out with a version of WannaCry ransomware, locked computers and held users' files for ransom, is believed to be the biggest of its kind on record.

It disrupted services in nations as diverse as the US, Russia, Ukraine, Spain and India.

TRT World takes a look at the chaos caused by the attacks.

Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 in Bitcoins to restore access.

Security researchers said they observed some victims paying via the digital currency, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, limiting the worm's spread.

"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Vikram Thakur, principal research manager at Symantec.

"The numbers are extremely low and coming down fast."

But the attackers may yet tweak the code and restart the cycle.

Finance chiefs from the G7 countries will commit on Saturday to join forces to fight the growing threat of international cyber attacks, according to a draft statement of a meeting they are holding in Italy.

"Appropriate economy-wide policy responses are needed," the ministers said in their draft statement.

TRT World's Christine Pirovolakis reports.

Wide-ranging cyber attack

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

Russia's interior ministry said that some of its computers had been hit by "virus attacks" and that efforts were underway to destroy it.

The country's central bank said the banking system was hit, and the railway system also reported attempted breaches.

The central bank's IT attack monitoring centre "detected mass distribution of harmful software" but no "instances of compromise", it said.

French carmaker Renault's assembly plant in France and Slovenia halted production after it was targeted.

International shipper FedEx Corp said some of its Windows computers were also infected. "We are implementing remediation steps as quickly as possible," it said in a statement.

Spanish telecommunications company Telefonica was among many targets in Spain which included Vodafone, Santander and even KPMG.

Portugal Telecom and Telefonica Argentina both said they were also targeted.

Only a small number of US-headquartered organisations were hit because the hackers appear to have begun the campaign by targeting organisations in Europe, said Thakur.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur added.

In Asia, some hospitals, schools, universities and other institutions were affected, although the full extent of the damage is not yet known because it is the weekend.

Message to users: 'Oops'

Pictures on social media showed screens of NHS computers with images demanding payment of $300 in Bitcoin, saying: "Ooops, your files have been encrypted!"

It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.

"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger," said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

Source: TRTWorld and agencies