Kill switch halts spread … Risk of fresh strikes
LONDON, May 13, (Agencies): Cyber security experts rushed to restore systems on Saturday after an unprecedented global wave of cyberattacks that struck targets ranging from Russia’s banks to British hospitals and a French carmaker’s factories.
The hunt was on for the culprits behind the assault, which was being described as the biggest cyber ransom attack ever. State agencies and major companies around the world were left reeling by the attacks which blocked access to files and demanded ransom money, forcing them to shut down their computer systems.
“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” said Europol, Europe’s policing agency. The attacks, which experts said affected dozens of countries, used a technique known as ransomware that locks users’ files unless they pay the attackers a designated sum in the virtual Bitcoin currency.
Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP that the attack was “the biggest ransomware outbreak in history”, saying that 130,000 systems in more than 100 countries had been affected. He said that Russia and India were hit particularly hard, in large part because the older Windows XP operating software is still widely used in those countries. The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).
The attacks hit a whole range of organisations and businesses worldwide. French carmaker Renault was forced to stop production at sites in France and Slovenia, saying the measure was aimed at stopping the virus from spreading. In the United States, package delivery group FedEx acknowledged it had been hit by malware and said it was “implementing remediation steps as quickly as possible.” Russia’s interior ministry said that some of its computers had been hit by a “virus attack” and that efforts were underway to destroy it.
The country’s central bank said the banking system was hit, and the railway system also reported attempted breaches. The central bank’s IT attack monitoring centre “detected mass distribution of harmful software” but no “instances of compromise”, it said. Russia’s largest bank Sberbank said its systems “detected in time attempts to penetrate bank infrastructure”.
Germany’s Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected. In a statement, computer security group Kaspersky Labs said it was “trying to determine whether it is possible to decrypt data locked in the attack — with the aim of developing a decryption tool as soon as possible.”
On Saturday, a cyber security researcher told AFP he had accidentally discovered a “kill switch” that could prevent the spread of the ransomware. The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.
But @MalwareTechBlog warned that the “crisis isn’t over” as those behind it “can always change the code and try again”. The malware’s name is WCry, but analysts were also using variants such as WannaCry. Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.
Pictures on social media showed screens of NHS computers with images demanding payment of $300 (230 pounds, 275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!” It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message. “Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” said Kroustek, the Avast analyst. A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses.
In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained. The extortion attack, which locked up computers and held users’ files for ransom, is believed to be the biggest of its kind ever recorded, disrupting services in nations as diverse as the US, Russia, Ukraine, Spain and India. Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits.” The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
Before Friday’s attack, Microsoft had made fixes for older systems, such as 2001’s Windows XP, available only to mostly larger organizations that paid extra for extended technical support. Microsoft says now it will make the fixes free for everyone. It was not yet known who perpetrated Friday’s attacks. Two security firms — Kaspersky Lab and Avast — said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russia the hardest. In Britain, the National Cyber Security Center said it is “working round the clock” with experts to restore vital health services. British Home Secretary Amber Rudd — who was chairing a government emergency security meeting Saturday in response to the attack — said 45 public health organizations were hit, though she stressed that no patient data had been stolen.
The attack froze computers at hospitals across the country, with some canceling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled. Security officials in Britain urged organizations to protect themselves from ransomware by updating their security software fixes, running antivirus software and backing up data elsewhere.