Unprecedented cyber attacks wreak global havoc
ALARMED: The hunt was on for the culprits behind the assault, which was being described as the biggest-ever cyber ransom attack
LONDON: Cyber security experts scrambled Saturday to contain the impact of an unprecedented global cyber attack that hit Russia’s banks, British hospitals, FedEx and European car factories.
The hunt was on for the culprits behind the assault, which was being described as the biggest-ever cyber ransom attack.
State agencies and major companies around the world were left reeling by the attacks which blocked access to files and demanded ransom money, forcing shutdowns of computer systems.
“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” said Europol, Europe’s policing agency.
The attacks used ransomware, which locks users’ files unless they pay the attackers a designated sum in the virtual Bitcoin currency.
Images appeared on victims’ screens demanding payment of $300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”
Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.
Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, said that the attack was “the biggest ransomware outbreak in history”, saying that 130,000 systems in more than 100 countries had been affected.
He said Russia and India were hit particularly hard, largey because tech giant Microsoft’s older Windows XP operating software was still widely used there.
Microsoft said the situation was “painful” and that it was taking “all possible actions to protect our customers”.
It issued guidance for people to protect their systems, while taking the “highly unusual step” of providing a security update “for all customers to protect Windows platforms that are in custom support only”, including Windows XP, Windows 8, and Windows systems.
US software firm Symantec said the majority of organisations affected were in Europe, and the attack was believed to be indiscriminate. The ransomware spreads through corporate networks, “without user interaction, by Server 2003 operating exploiting a known vulnerability Microsoft Windows,” it said.
The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).
In the United States, package delivery group FedEx acknowledged in it had been hit by malware and said it was “implementing remediation steps as quickly as possible.”
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, saying the measure was aimed at stopping the virus from spreading.
Japanese carmaker Nissan’s plant in Sunderland, northeast England, was attacked but production shuts on Saturdays in any case.
Russia’s interior ministry said that some of its computers had been hit by a “virus attack” and that efforts were underway to destroy it.
The country’s central bank said the Russian banking system was attacked, and the railway system also reported attempted breaches.
The central bank’s IT attack monitoring centre “detected mass distribution of harmful software” but no “instances of compromise”, it said.
Germany’s Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected. Some Italian universities were hit.
In a statement, computer security group Kaspersky Labs said it was “trying to determine whether it is possible to decrypt data locked in the attack — with the aim of developing a decryption tool as soon as possible.”
On Saturday, a cyber security researcher said he had accidentally discovered a “kill switch” that could prevent the spread of the ransomware.
The researcher, tweeting as @ MalwareTechBlog, said registering a domain name used by the malware stops it from spreading, though it cannot help computers already affected.