At least 100000 groups in 150 countries hit by ransomware

Francis Harris
May 15, 2017

The NHS confirmed this afternoon that 16 of its organisation had been hit by a ransomware attack, after numerous trusts had confirmed they were experiencing "significant problems" with IT and telephone networks. It's fine to say we shouldn't negotiate with hackers demanding ransom - though the people who say that nearly always do - but when the target is an emergency room, and lives are at stake, there's really no choice.

The attack is believed to be the biggest online extortion attack ever recorded, with victims including Britain's hospital network and Germany's national railway.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March.

Microsoft cited its March security update and said it had added detection and protection against the new malware after it was reported.

A message saying "Oops, your important files are encrypted" flashed across screens all over the world. It demands users pay 300 dollars worth of cryptocurrency Bitcoin to retrieve their files, as per the agency and spreads easily when it encounters unpatched or outdated software. It uses an exploit in Windows to spread from computer to computer, which explains the rapid worldwide spread.

"That is a huge concern right now", Darien Huss, a senior security research engineer at Proofpoint who was among the researchers who helped disable the virus, called "WannaCry", told ABC News Saturday.

Huss is also anxious about copycats, who could "take the exploit code that was used in this attack and implement it into their own virus".

Europe, Latin America and parts of Asia were hit particularly hard, although in the United States, FedEx also reported falling prey to the malware.

Britain's National Health Service says hospitals across the country have been hit by a "ransomware" cyberattack but there is no evidence that patient data has been accessed.

"There's clearly some culpability on the part of the US intelligence services". Intelligence officials wouldn't comment on the authenticity of the claims.

A red-coloured "critical alert" has been issued by the Computer Emergency Response Team of India (CERT-In), the nodal agency to combat hacking, phishing and to fortify security- related defences of the Indian Internet domain.

However, the WannaCrypt ransomware worm has been found to be spreading by targeting out-of-date systems, prompting Microsoft to now make the security update available for all platforms, including those receiving custom support only - Windows XP, Windows 8, and Windows Server 2003. "It's one that Microsoft delivered a solution for, but a lot of people haven't used it".

A spokesman for Telefonica said the hack affected some employees at its headquarters, but the Spanish phone company is attacked frequently and the impact of Friday's incident wasn't major.

Meanwhile the spread of WannaCry has been slowed down somewhat after a security researcher registered one of the domain names mentioned in the program's code, the Guardian reports. According to the report, a researcher who identified himself as MalwareTech and works for Kryptos logic stopped the attack. "We verified it and turned the information over to the Federal Bureau of Investigation".

NHS Merseyside, which operates several hospitals in northwest England, tweeted that "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services".

In a statement Friday, Microsoft said it had taken further steps to protect systems against the malware.

Other reports by TheDigitalNewspaper

Discuss This Article