Cyber attack a wake-up call to all
150 countries infected so far
GOVERNMENTS and companies around the world have begun to gain the upper hand against the first wave of an unrivalled global cyber attack, even as the assault was poised to continue claiming victims this week.
More than 200 000 computers in at least 150 countries have so far been infected, according to Europol, the EU’s law enforcement agency. The UK’s National Cyber Security Centre said new cases of the so-called ransomware were possible “at a significant scale”.
New version
At Germany’s national Deutsche Bahn railroad, workers were labouring under “high pressure” yesterday to repair remaining glitches with train stations’ electronic departure boards, a spokesperson said.
A new version of the ransomware may have been spreading over the weekend. Matt Suiche, founder of United Arab Emirates-based cyber-security firm Comae Technologies, said about 10 000 machines had been infected by the second variation of the malware.
The malware used a technique purportedly stolen from the US National Security Agency. It affected the UK’s National Health Service (NHS), Russia’s Ministry of the Interior, Chinese government agencies, car makers Nissan and Renault, PetroChina, logistics giant FedEx and hospital computer systems in countries from Eastern Europe to the US and Asia.
The hackers used the tool to encrypt files within affected computers, making them inaccessible, and demanded a ransom – typically $300 (R4 000) in bitcoin.
Russia and Ukraine had a heavy concentration of infections, according to Dutch security company Avast Software.
Microsoft president Brad Smith, in a blog post on Sunday, said the attack was a “wake-up call” for governments to stop stockpiling tools to exploit digital vulnerabilities. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” he said.
About 97 percent of UK facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said after a government meeting. At the height of the attack on Friday and early Saturday, 48 organisations in the NHS were affected, and hospitals in London, north-west England and central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.
The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems could not or did not download a security patch released in March that Microsoft had labelled “critical”.
Microsoft said in a blog post on Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.
While the scale of the attack shows that Microsoft needs to strengthen its own capabilities, “there is simply no way for customers to protect themselves against threats unless they update their system”, Smith said in his blog post. “Otherwise they’re literally fighting the problems of the present with tools from the past.
“This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support.”
Ransom
Victims have paid about $50 000 in ransom so far, with the total expected to rise, said Tom Robinson, the chief operating officer and co-founder of Elliptic Enterprises, a ransomware consultant that works with banks and companies in the UK, US and Europe. Robinson said he calculated the total based on payments tracked to bitcoin addresses specified in the ransom demands.
Last year, an acute-care hospital in Hollywood paid $17 000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.
A spokesperson for Spain’s Telefonica said the hack affected some employees at its headquarters, but the phone company was attacked frequently and the impact of Friday’s incident was not major.
Renault halted production at some factories to stop the virus from spreading, a spokesperson said on Saturday, while Nissan’s car plant in Sunderland, in north-east England, was affected without causing any major impact on business, an official said.
Russia’s Interior Ministry, with oversight of the police forces, said about “1 000 computers were infected”, which it described as less than 1 percent of the total, according to its website.
In China, the malware affected computers at “several” unspecified government departments, the country’s Cyberspace Administration said yesterday. Since that initial attack, agencies and companies have put preventive measures in place, while Qihoo 360 Technology, Tencent and other cybersecurity firms have begun making protection tools available.
The China National Petroleum Corporation said some of its 21 000 petrol stations had seen their digital payment systems disabled by the attack. – Bloomberg