Massive ransomware attack hits countries around the globe

May 14, 2017


MIL OSI China

Source: China State Council Information Office


Kaspersky Lab has recorded more than 45,000 attacks of ransomware in 74 countries around the world as of Friday.

The attack, boiling down to a computer virus that makes users’ computers useless unless a payment is made to those who hacked their system, has prompted wide alarm around the globe.

Here is what the ransom screen looks like (Chinese version) when a victim is hit with WannaCry. [File photo] 

The assault, described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world — from Russian banks and British hospitals to FedEx and European car factories.

“WannaCry”

The multinational cybersecurity and anti-virus provider’s Global Research and Analysis Team said in a web posting that in these attacks, data is encrypted with the extension “.WCRY” added to the filenames.

The attack by the ransomware, dubbed “WannaCry,” is initiated through an SMBv2 remote code execution in Microsoft Windows.

The exploit, codenamed “EternalBlue,” was made available on the internet through the Shadowbrokers dump on April 14 and had been patched by Microsoft on March 14.

“It’s important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the ‘EternalBlue’ exploit and infected by the WannaCry ransomware,” Kaspersky Lab noted.

“The lack of existence of this vulnerability doesn’t really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak,” it warned.

The WannaCry malware encrypts the files and also drops and executes a decryptor tool. Images appeared on victims’ screens demanding payment of $300 in Bitcoin, saying: “Ooops, your files have been encrypted!”

Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.

As not all ransomware provides this timer countdown, the WannaCry attack shows computer users that “payment will be raised” after a specific countdown, along with another display raising urgency to pay up, threatening that the user will completely lose their files after the set timeout, the team said.

It added that to make sure the user doesn’t miss the warning, the tool changes the user’s wallpaper with instructions on how to find the decryptor tool dropped by the malware.

Wide range of victims

Kaspersky Lab has confirmed additional infections in a group of countries, including China, Ukraine, Russia, India and more.

The cryptology branch of Spain’s National Center for Intelligence (CNI) also confirmed on Friday that several Spanish companies, including multinational telecommunications giant Telefonica, have suffered the “massive” cyber attack.

The Spanish media reported that Telefonica bore the brunt of the attack, which caused the crash of the computers of Telefonica personnel at the company’s Madrid headquarters, leaving them with blue screens and also halting other devices.

Other businesses thought to have been attacked by the virus included consultancy firms, banks and energy companies.

Hospitals in Britain also suffered from a similar attack on Friday. The National Health Service (NHS) issued an alert and confirmed infections at 16 medical institutions, but it remained unclear whether the incidents are connected with each other.

Sweden’s Timra municipality was struck by WannaCry Friday afternoon, Swedish public broadcaster SVT reported.

A variation of the virus infected Windows systems and encrypted files locally and on shared services. At least 70 computers were affected, as screens turned blue and then black on several of the municipality’s computers.

After the computers were rebooted, users got a message saying that the computers were encrypted and they had to pay to regain access to the content. For now, there appeared to be no risk to life or health, according to Sweden’s national Computer Emergency Response Team, although some of the administrative personnel were not able to do their work.

Andreaz Stromgren, head of the municipality’s administrative offices, estimated that as many as 100 could have been infected before they stopped it from spreading.

Denmark is also one of the victims affected by the massive hacker attack.

“I can see on our map that Denmark has been tried to be attacked in the first hours of the attack,” Leif Jensen, director of IT security company Kaspersky’s Nordic department, was quoted by Danish TV2 channel as saying.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP it was the biggest ransomware outbreak in history, saying that 130,000 systems in more than 100 countries had been affected.

He said Russia and India were hit particularly hard, largely because Microsoft’s Windows XP — one of the operating systems most at risk — was still widely used there.

French police said there were “more than 75,000 victims” around the globe, but cautioned that the number could increase “significantly”.

US software firm Symantec said the majority of organisations affected were in Europe, and the attack was believed to be indiscriminate.

The companies and government agencies targeted were diverse.

In the United States, package delivery group FedEx said it was “implementing remediation steps as quickly as possible,” while French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania.

Russia’s interior ministry said some of its computers had been hit by a “virus attack” and that efforts were underway to destroy it. The country’s banking system was also attacked, although no problems were detected, as was the railway system.

Germany’s rail operator Deutsche Bahn said its station display panels were affected. Universities in Greece and Italy also were hit.

So far it is unclear who is behind the attack.

Manhunt for hackers

International investigators hunted Saturday for those behind an unprecedented cyber-attack that affected systems in dozens of countries, including at banks, hospitals and government agencies, as security experts sought to contain the fallout.

“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” said Europol, Europe’s police agency.

Europol said a special task force at its European Cybercrime Centre was “specially designed to assist in such investigations and will play an important role in supporting the investigation”.

The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users’ files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

But experts and governments alike warn against ceding to the hackers’ demands.

“Paying the ransom does not guarantee the encrypted files will be released,” the US Department of Homeland Security’s computer emergency response team said.

“It only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information.”
