Scramble to limit damage after large-scale ransomware attack targets organizations across the world,
Virus spread via email locked computers and held users’ files for ransom across globe
LONDON— Evidence of the cyberattack that hit up to 100 countries continued to ripple around the world Saturday with reports of Chinese students unable to access their graduation theses, British doctors cancelling operations and passengers at train stations in Germany greeted by hacked messages on arrival and departure screens.
Individuals and organizations around the world were scrambling after the international attack, which began Friday and spread like wildfire, to limit the damage or put in place preventive measures.
The extortion attack, which locked up computers and held users’ files for ransom, is believed to be the biggest of its kind ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India.
It hit Britain’s beloved but creaky National Health Service (NHS) particularly hard, causing widespread disruptions and interrupting medical procedures in hospitals across England and Scotland. Thousands of operations, as well as routine weekend appointments, were cancelled.
During the attack on Britain’s NHS system, computer screens were locked by the malware that prompted the user to pay $300 in bitcoins or risk having their files erased.
Similar messages — written in local languages — popped up on screens across Europe.
As people fretted over whether to pay the digital ransom or lose data, experts said the attackers might eventually pocket more than $1 billion worldwide before the deadline ran out to unlock the computers.
But as of Saturday afternoon, the money raised by the attackers, who demanded payment using the virtual currency bitcoin, was much lower. Funds totalling about $33,000 were deposited into several bitcoin accounts associated with the ransomware, according to Elliptic, a company that tracks online financial transactions involving virtual currencies.
That figure will probably increase as deadlines approach for payment, security researchers said. Victims may also start digging into their wallets as others publicly confirm that paying the ransom actually unlocks their files.
In Germany, people posted pictures on social media of scheduling screens at train stations displaying the ransomware message. Deutsche Bahn, Germany’s national railway service, tweeted that its train service had not been compromised and that it was working to solve the problems.
Other targets in Europe included Telefonica, the Spanish telecom giant, and a local authority in Sweden, which said about 70 computers were infected.
On Saturday, it was still unclear who was behind the sophisticated attack, which spread via email.
“We’re not able to tell you who is behind that attack. That work is still ongoing,” Amber Rudd, Britain’s home secretary told the BBC.
TMT post, a Chinese online news outlet focusing on the Internet industry, reported that a number of Chinese universities had been affected by the attack.
According to Chinese magazine Caijing, some students’ graduation theses and projects have reportedly been encrypted.
In Russia, hacking attacks had been confirmed Saturday at the country’s Interior Ministry, which manages the police force, the Ministry of Health, the state-run Russian Railways and the telecommunications company Megafon. There were also reports that the powerful Investigative Committee, which investigates high-level crime, and several other telecommunications companies had been targeted.
The Interior Ministry said that 1,000 of its computers had been blocked by prompts demanding payment. By Friday evening, the ministry said it had “contained” the attack and denied that any of its information had been stolen.
“Russia has a very rickety, out-ofdate infrastructure, using not just outdated software but pirated, outof-date software,” said Mark Galeotti, a senior researcher at the Institute of International Relations Prague.
The bug, called Wanna Decrypt0r 2.0 — also known by names including WCry, WannaCry and WanaCrypt0r 2.0 — exploits a flaw that was identified in a stolen U.S. National Security Agency document.
The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. Microsoft released a patch to fix the problem in March, but computer systems that did not install the update remain vulnerable.
In Britain, which is in the middle of an election campaign, the cyberattack triggered criticism about the NHS’s aging computer systems.
The opposition Labour Party’s Jonathan Ashworth tweeted that the government had been complacent over cybersecurity. “We need answers on whether funding squeeze compromised security,” he wrote.
Rudd, the home secretary, stressed there was no evidence that patient data had been compromised, but said that there were lessons to learn.
“I would expect NHS trusts to learn from this and to make sure that they do upgrade,” she said. With files from The Associated Press and the New York Times