Cyber Attack: Ransomware Infection Strikes Worldwide

Massive cyber attacks swept across the globe on Friday, which has been identified as ransomware campaign infecting a huge number of organisations around the world.

Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin.

Bitcoin wallets seemingly associated with the ransomware were reported to have started filling up with cash.

There have been reports of infections in more than 70 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Many security researchers are linking the incidents together.

The UK’s National Health Service (NHS) was also hit by a ransomware outbreak on the same day and screenshots of the WannaCry program were shared by NHS staff.

One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware – known as WannaCry and variants of that name – around the world.

“This is huge,” said Jakub Kroustek at Avast.

Another, at cyber-security firm Kaspersky, said that the ransomware had been spotted cropping up in 74 countries and that the number was still growing.

There were a number of reports that Russia had seen more infections than any other single country.

Russia’s interior ministry said it had “localised the virus” following an “attack on personal computers using Windows operating system”. It had reportedly earlier denied having been affected.

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

Microsoft said on Friday its engineers had added detection and protection against WannaCrypt. The company was providing assistance to customers, it added.

Some security researchers have pointed out that the infections seem to be deployed via a worm – a program that spreads by itself between computers.

Another firm that confirmed it had been caught out was delivery company FedEx, though it did not clarify in which territories it had been hit.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” it said in a statement.

“We are implementing remediation steps as quickly as possible.”

Portugal Telecom also confirmed it was struck: “But none of our services were affected,” a spokeswoman told Reuters.

And a spokesman for Megafon, the second largest mobile phone network in Russia confirmed some of its computers had been infected also.

“This is a major cyber attack, impacting organisations across Europe at a scale I’ve never seen before,” said security architect Kevin Beaumont.

According to security firm Check Point, the version of the ransomware that appeared today is a new variant.

“Even so, it’s spreading fast,” said Aatish Pattni, head of threat prevention for northern Europe.

Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. This perhaps explains why its impact is so public – because large numbers of machines at each victim organisation are being compromised.

BBC