Dozens of countries hit by huge cyberextortion attack

Two security firms - Kaspersky Lab and Avast - said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russian Federation the hardest.

Security firm Kaspersky Lab reported that by 2:30 p.m. ET May 12 it had already seen more than 45,000 WannaCry attacks in 74 countries.

The scope of the attacks was not immediately clear, but some analysts reported that dozens of countries had been affected, with the malware linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and the USA delivery firm FedEx.

Europol's European Cybercrime Centre, EC3, said in a statement today that the attack was "at an unprecedented level and will require a complex global investigation to identify the culprits". It does so by incorporating a hacking tool that security researchers suspect came from the NSA and was leaked online last month. Microsoft released patches for all supported versions of Windows on the March 2017 patch day. But computers and networks that didn't update their systems were still at risk.

Microsoft stopped supporting Windows XP several years ago, though because some users and businesses (including government agencies) are still clinging to the legacy operating system, it has been known to release patches for more serious security threats. Numerous machines attacked today have been breached simply because the latest Windows updates have not been applied quickly enough, but there are still organizations that continue to run Windows XP despite the risks.

In a post today, UK-based security researcher MalwareTech described how he checked a cyber threat sharing platform after returning home from lunch to discover that National Health Service systems across Britain were being hit by a cyberattack.

A large-scale cyberattack that experts have long warned organizations about hit the internet Friday, crippling emergency services and forcing experts to scramble to respond. But it appears to be "low-level" stuff, given the amounts of ransom demanded, Eisen said Saturday.

The size, scope, and range of companies hit in this attack is extraordinary. What began with an attack on users of Spain's largest telecom service then spread to the United Kingdom, where at least 16 National Health Services centers had their files "frozen", with the attackers demanding money to decrypt the frozen files. But it didn't stop there: A few hours later, news came down that the largest phone and utility companies in Spain were also being hit.

He said the Federal Government was closely monitoring the situation.

In a statement, computer security group Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack - with the aim of developing a decryption tool as soon as possible". "It would not be very hard at all to re-release this ransomware attack without a kill switch or without an approved kill switch that only they can activate".

Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. Those that don't have it enabled should immediately deploy Microsoft Security Bulletin MS17-010.

The Industry Ministry says the attack affected the Windows operating system of employees' computers, blocking files and demanding a ransom to free up the system.

It means that if your computer is infected and you go to a coffee shop, the ransomware would infect other PCs that are connected to the coffee shop's network. "From there, to other companies".

WanaCrypt0r 2.0 is what is known as "ransomware", which encrypts the storage of a given computer and displays a lock screen preventing you from using your computer.

There are fears that the number of infections could rise further this week, as workers return to their places of employment and start up unpatched Windows computers. They should also update their computers so hackers and malware can't infect them.


Popular

CONNECT