An unprecedented cyber-attack of global scale spread to over 150 countries, affecting thousands of organizations in a matter of hours. The attack hit even some of the highly ‘fortified’ countries, including Germany, the UK, China and Russia, among others, paralyzing health care services, transport systems and other key industries.
Now cybersecurity experts warn that hundreds of thousands of computer users across the globe remain vulnerable following this large-scale virus attack in recent days. The so-called ‘ransomware’ virus struck governments and companies around the world, as Henry Ridgwell reports from London.
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
Markus Jakobsson, chief scientist with security firm Agari, said that the attack was “scattershot” rather than targeted.
“It’s a very broad spread,” Jakobsson said, noting that the ransom demand is “relatively small”.
“This is not an attack that was meant for large institutions. It was meant for anyone who got it.”
The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was skepticism about whether the group was exaggerating the scale of its hack.
On Twitter, whistleblower Edward Snowden blamed the NSA.
“It’s very easy for someone to say that, but the reality is the US government isn’t the only one that has a stockpile of exploits they are leveraging to protect the nation,” said Jay Kaplan, CEO of Synack, who formerly worked at the NSA.
“It’s this constant tug of war. Do you let intelligence agencies continue to take advantage of vulnerabilities to fight terrorists or do you give it to the vendors and fix them?”
The NSA is among many government agencies around the world that collect cyber weapons and vulnerabilities in popular operating systems and software so they can use them to carry out intelligence gathering or engage in cyberwarfare. The agency did not immediately respond to a request for comment.
Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used malicious software called “WanaCrypt0r 2.0”, or WannaCry, which exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.
“This was eminently predictable in lots of ways,” said Ryan Kalember from cybersecurity firm Proofpoint. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”
The ransomware demands that users pay $300 worth of the cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.