Massive Ransomware Attack Hits Over 99 Countries
Avast, one of the largest cyber security firms said that it had identified over 75,000 cases of ransomware, known as WannaCry & variants of that name, in over 99 countries, making it one of the broadest as well as most damaging cyber attacks in history.
Most of the attacks targeted Taiwan, Russia and Ukraine. But Chinese universities, U.K. hospitals as well as global firms like Fedex (FDX) have also been hit.
Among the worst hit was the NHS or National Health Service in England & Scotland.
According to Europol, the attack was of an “unprecedented level and requires international investigation.”
The ransomware first locks down all the files on an infected system & then ask the system’s administrator to pay if they want to regain control of them.
WannaCry uses a known vulnerability in the Windows operating system, jumping between PC & PC. The weakness was first revealed as part of a huge leak of NSA hacking tools and known weaknesses by an anonymous group “Shadow Brokers” last month.
In the wake of the attack, Microsoft had released a patch for computers that are running older OS including Windows XP, Windows 8 as well as Windows Server 2003.
“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”
In the UK, 16 National Health Service organizations have been hit. Some of those hospitals had to cancel their outpatient appointments as well as ask people to avoid emergency departments if it’s possible. The NHS said that patient information had not been compromised.
The internet security company Qihoo360 in China had issued a “red alert” saying that a huge number of colleges as well as students had been affected by the ransomware, also referred to as “WannaCrypt.” State media has also reported that at Petrochina gas stations, customers were forced to pay cash as digital payment systems there were offline.
“Global internet security has reached a moment of emergency,” Qihoo360 warned.
Telefónica (TEF), a Spanish telecom company, was also hit with the ransomware. Spanish authorities have confirmed that the ransomware is spreading through the vulnerability, known as “EternalBlue,” & recommended people to patch.
“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cyber security incident I’ve ever seen,” said U.K. based security architect Kevin Beaumont.
The U.S. Department of Homeland Security encouraged people to update their operating systems. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally,” said the department.
Kaspersky Lab said even though WannaCry can infect computers even without the vulnerability, “the most significant factor” in the global outbreak is EternalBlue.
How can you prevent it?
A sample of the ransomware used to target NHS was examined by Beaumont and he confirmed that it was the same that was used to target Telefónica. He asked companies to apply the patch released in March in order to prevent WannaCry infections. However, it will not do any good for already infected machines.
He also said that the ransomware is automatically scanning for PCs that it can infect whenever it loads itself onto a new machine. It can infect other PCs on the same wireless network.
“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
According to Matthew Hickey, the founder of the security firm Hacker House, this ransomware attack is not surprising. It shows that many companies do not apply updates on a regular basis.