Ransomware victims scramble to restore services
‘WannaCry’ virus shut down computers worldwide
LONDON — A global “ransomware” cyberattack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.
The worldwide effort to extort cash from computer users spread so widely that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.
A malware tracking map showed “WannaCry” infections popping up around the world. Britain canceled or delayed treatments for thousands of patients, even people with cancer. Train systems were hit in Germany and Russia, and phone companies in Madrid and Moscow. Renault’s futuristic assembly line in Slovenia, where rows of robots weld car bodies together, was stopped cold.
Britain’s home secretary said one in five of 248 National Health Service groups had been hit. Home Secretary Amber Rudd said all but six of the NHS trusts were back to normal Saturday.
The U.K.’s National Cyber Security Center was “working round the clock” to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.
Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.
These hackers “have caused enormous amounts of disruption — probably the biggest ransomware cyberattack in history,” said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.
And all this may be just a taste of what’s coming, another expert warned.
Computer users worldwide — and everyone else who depends on them — should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Ariz., said.
It could have been much worse if not for a young cybersecurity researcher who helped to halt its spread by accidentally activating a so-called “kill switch” in the malicious software.
The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday that he spotted a hidden web address in the “WannaCrypt” code and made it official by registering its domain name.
That inexpensive move redirected the attacks to MalwareTech’s server, which operates as a “sinkhole” to keep malware from escaping.
“Because WannaCrypt used a single hardcoded domain, my registration of it caused all infections globally to believe they were inside a sandbox … thus we initially unintentionally prevented the spread,” the researcher said in his blog post.
His move may have saved governments and companies millions of dollars and slowed the outbreak before U.S.-based computers were more widely infected.
Indeed, while FedEx Corp. reported that its Windows computers were “experiencing interference” from malware — it wouldn’t say if it had been hit by the ransomware — other impacts in the U.S. were not readily apparent on Saturday.