Massive Cyber-Attack Hits Targets Across the Globe
A massive cyber-attack that started today with Britain’s National Health System (NHS) organization has now spread to 74 countries. Affected countries include the UK, US, China, Russia, Ukraine, Spain, Italy and Taiwan. The malware attack is a massive infection of Windows based personal computers. Once infected, the virus locks users out of their own computers. The malware demands $300 (£230) in Bitcoin to return access to the infected computer. The ransom doubles after three days and threatens to erase all data contained on each computer after ten days elapse.
Ransomware is a type of malware that disables computers and demands something –generally money – in exchange for control or access to an IT system. Ransomware does not typically involve data loss. Ransomware can affect individual computers or entire networks.
Malware, also known as a virus, can spread from computer to computer when a user opens an attachment or forwards an infected email. Access to the infected system is restored once the ransom is paid. In the case of Friday’s cyber-attack, the malware is capable of spreading on its own.
NHS reports that no patient data is lost, although no one can access data.
The ransomware has infected computers at European firms such as FedEx, Portugal Telecom, and Megafon, which is a Russian mobile phone network. Russian Interior Ministry computers were the most frequently hit with over 1,000 computers (1%) infected with the malware. Russia reports that they have contained the malware.
British Prime Minister, Theresa May stated, “This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.”
Spain’s Cybersecurity National Institute (INCIBE) stated late Friday night, that many companies that had lost control of their computers had regained Access. INCIBE did not identify the affected companies.
France’s government cyber security agency, Agence nationale de la sécurité des systèmes d’information (ANSSI) reported that no French computers were infected.
The malware has not spread to the United States.
Windows is an operating system developed by the American company, Microsoft. A patch for the vulnerability was released by Microsoft in March 2017. For unpatched computers, the recommended course of action is to disconnect computers from the internet until patches are installed and the malware is removed.
Microsoft engineers added detection and protection against the malware today and noted that the March patch provides additional protections against the malware.
The perpetrators of the attack are a group known as the Shadow Brokers who have been releasing cyber-attack programs that were stolen from the American National Security Agency’s NSA. The ransomware, Wana Decrypt0r, also known as ‘WannaCryptor’ or ‘WCRY’ is a variant of malware WannaCry and based on the (NSA) hack tool known as Eternal Blue. Many of the NSA’s spyware and hacking tools were stolen by WikiLeaks and posted online in 2016 ago. The name of the Microsoft update that patches this vulnerability is named WannaCrypt.
The Shadow Brokers have been releasing other NSA developed cyber-attack programs for months via file sharing services.
*Image Source: Gillian Hann via Twitter