Mass cyberattack strikes computer systems worldwide

12 May, 2017 19:25

Tens of thousands of computers in 99 countries have been infected by a ransomware virus which extorts users by blocking Windows files and demanding payment to restore access.

14 May 2017

The cyberattack has hit some 200,000 victims in over 150 countries, Europol Director Rob Wainwright told ITV.

“The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations,” he said.

“At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn [on] their machines on Monday morning,” he added.

The UK is spending 50 million pounds ($64 million) to improve the cybersecurity of NHS computer networks, Defence Minister Michael Fallon told BBC’s Andrew Marr Show.

“We set aside 1.9 billion pounds to protect us better against cyber, and a large chunk of that went to the NHS,” the official said.

“We are spending around 50 million pounds on the NHS cyber systems to improve their security, we’ve encouraged the NHS trusts to reduce their exposure to the weakest system, the Windows XP... and there is money available to strengthen these systems.”

The WannaCry infection has spread to some 126,000 computers in 104 countries, cybersecurity firm Avast has reported. Russia, Ukraine, and Taiwan appear to be the countries most affected by the ransomware, with 57 percent of the infection reports coming from Russia.

13 May 2017

A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware cyberattack by accidentally activating a so-called "kill switch" in the malicious software. The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software's spread could be stopped by registering a garbled domain name. The paper quoted the researcher as saying: "This is not over. The attackers will realize how we stopped it, they'll change the code and then they'll start again." He urged Windows users to update their systems and reboot. (The Associated Press)

Romanian car manufacturer Dacia, owned by French company Renault, said that some of its production had been hit by the WannaCry global ransomware cyberattack that has affected computers in almost 100 countries, Reuters reports. “Part of Dacia’s production in Mioveni has been affected by dysfunctionalities of IT systems and some employees were sent back home,” the carmaker said in a statement. “The measure was taken to prevent extending the dysfunctions, which at first glance are a consequence of the global cyber attack.”

The UK government still hasn't discovered the perpetrators of the attack, or the pattern according to which it spread.

"We're not able to tell you who's behind the attack. That work is still ongoing," Home Secretary Amber Rudd told BBC Radio. "The virus feels random in terms of where it's gone to and where it's been opened."

Deutsche Bahn, a German railway company, has confirmed on Twitter that it fell victim to the massive cyberattack.

“Trojan [malware]: train traffic hasn’t been affected. Some electronic boards at stations [announcing arrivals/departures] have been affected,” it said in a statement.

Computer networks of the German government were not affected during the cyberattack, the country’s interior ministry tweeted. 

At least two of Indonesia's major hospitals have been struck in the "ransomware" cyber attack that infected computers globally, a government official said on Saturday. Dharmais Hospital and Harapan Kita Hospital in Jakarta are affected by the ransomware, said Semuel Pangerapan, a director general at Indonesia's Communication and Information Ministry. "Efforts to localise the infected server are underway to prevent (the ransomware) from spreading," he said, adding that his ministry was working with other authorities, including the Health Ministry, to solve the problem. (Reuters)

Russian Railways was among the companies compromised by the WannaCry ransomware, while Russian banks successfully blocked Friday’s hack attacks.

“The IT system of Russian Railways has been attacked by a virus. The virus has been isolated. The work to eliminate it and upgrade anti-virus protection is currently underway,” the company told TASS news agency.

Russian Railways said the infection did not cause disruption to its transportation services.

Several Russian banks were also attacked by the malware, but their computer networks were not penetrated, the cybersecurity monitoring center FinCert, which is operated by Russia’s central bank, reported on Saturday.


French multinational automobile manufacturer Renault halted production at French sites following the cyberattack, a Renault spokeswoman told AFP.
The shutdown “is a part of protection measures that have been taken to prevent the spread of the virus,” the spokeswoman added.

Britain's National Cyber Security Center says teams are working "round the clock" to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients. The attack, which locked up computers and held users' files for ransom, was believed to be the biggest of its kind ever recorded. British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen. (The Associated Press)

UK Home Secretary Amber Rudd said the authorities are not able to say who is behind that attack. “That work is still ongoing. We don’t know anymore about where it has come from at the moment. We know it has affected up to 100 countries and it wasn’t targeted at the NHS,” she said. According to Rudd, it is the type of virus that works particularly effectively between systems that are connected to each other, so it is more likely to impact larger organizations than individuals.

G7 finance ministers are planning to join forces against international cyberattacks, Reuters reports, citing a draft statement for a meeting which G7 finance chiefs are holding in Bari, Italy.

“We recognise that cyber incidents represent a growing threat for our economies and that appropriate economy-wide policy responses are needed,” the draft statement reads.

Italian Finance Minister Pier Carlo Padoan said that the meetings on cyberattacks, which had been scheduled before Friday’s hacking attack, were “unfortunately very timely,” Reuters says.

Over 100,000 systems have been infected worldwide over the past 24 hours, according to an Avast reverse engineer and malware researcher, as well as the public MalwareTech tracker.

Spain's National Cybersecurity Institute, INCIBE, announced late on Friday that many of the country's corporations are regaining control over their systems and resuming operations following the global ransomware attack. INCIBE also said that many Spanish companies were able to dodge the malware after being alerted on time.

Britain and Spain have asked Europol to help investigate the ransomware cyberattacks, a spokesman for the European Union's police agency, Jan Op Gen Oorth, announced without elaborating further.

WannaCry malware has so far failed to penetrate any French targets, claimed an anonymous official with the country's cybersecurity watchdog, according to AP. The watchdog – Agence nationale de la sécurité des systèmes d'information (ANSSI) – is meanwhile urging Internet users to take steps to shield themselves from ransomware.

The US Department of Homeland Security says it is ready to lend technical support in battling the malignant ransomware. The agency also announced late Friday that it is now sharing information on the virus with domestic and foreign partners.

The systems used by German railways have been affected by the ransomware. Pictures posted by Twitter users show that the display monitors in some stations, including Frankfurt and Neustadt, have been affected.

12 May 2017

The Russian Health Ministry has successfully fended off hacker attacks on its servers, Nikita Odintsov, assistant to the head of the Ministry, announced on Twitter.

The activity of the WannaCry ransomware in the Russian Interior Ministry’s systems has been “localized,” according to spokeswoman Irina Volk.

“The leakage of official information from the information resources of the Interior Ministry is completely excluded,” she added.

Earlier, Volk said that less than one percent of the PCs at Russia’s Interior Ministry running Microsoft Windows were infected with the malware while all the critical systems based on Russian-made architecture were totally safe.

The German Federal Office for Information Security (BSI) issued a warning via Twitter “strongly advising” users to install the Microsoft patch MS17-010.

In addition, the BSI stated that the Microsoft patch prevents exploitation of the security flaw and reminded users that regular backups of computer files are particularly important.

PC users who have Windows updates installed on their computers are protected against the most recent malware attack, Microsoft said in a statement.

“Those who are running our free antivirus software and have Windows Update enabled, are protected. We are working with customers to provide additional assistance,” the company said.

“It would be deeply troubling if the NSA knew about this vulnerability but failed to disclose it to Microsoft until after it was stolen,” Patrick Toomey, a staff attorney with the ACLU National said in a statement.

“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world. It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner,” he added.

Bruno Kramm, the chairman of the Berlin branch of the Pirate Party, said that a lot of vulnerabilities lie in the backdoors built into many, especially outdated, operating systems, and that we must rethink our approach to cybersecurity.

“We should much more work with open-source software, with Linux systems which are open-source, and we have to use encryption, and we have to take more security measures for the more dangerous infrastructure, for example hospitals,” he told RT.

Kramm also believes that the leaked NSA tools helped facilitate the attack.

“But the sad thing is the more we find out [about] the NSA having this software, the more we also know that this software is also of course traded. There is no software which you can keep inside of the system. From the moment the NSA works with the software, you can also get the software, and once you get the software you can use it in your own way. So basically it’s really a problem they have started.”

One of Russia's largest banks, the state-owned Sberbank, said it had also detected attempts to target its computers but no malware penetrated their systems.

FedEx Corporation, the American multinational delivery services company, said it is dealing with the same type of cyberattack.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers,” a FedEx spokesperson told RT.

The UK National Health Service has been attacked by ransomware as well, presumably by Wanna Decryptor, the NHS said in a statement.

“At this stage we do not have any evidence that patient data has been accessed,” the statement said, adding that the National Cyber Security Centre is assisting in dealing with the malware.

"Several" computers of Russia's Emergency Ministry had also been targeted, its representative told TASS, adding that "all of the attempted attacks had been blocked, and none of the computers were infected with the virus."

In the wake of the attack, WikiLeaks pointed to its release of a series of leaks on the Central Intelligence Agency (CIA), code-named "Vault 7," back in March.

Claiming that "the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans," the whistleblowing site said the lost data "amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA."

"Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike," WikiLeaks warned in their release.

Computers at Russia's Interior Ministry have been infected with the malware, the ministry said Friday evening.

Some 1,000 Windows-operated PCs were affected, which is less than one percent of the total number of such computers in the ministry, spokeswoman Irina Volk said in a statement.

The virus has been localized and steps are being taken to eliminate it.

The ministry's servers have not been affected, Volk added, saying they are operated by different systems, built for Russia-developed data processing machines.

Microsoft has been providing additional assistance to its clients in the wake of the attack, a spokesman said on Friday. The company added detection and protection tools to counter the major malicious software, he added.

"Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt," he said.

In Russia, telecom giant Megafon has been affected.

"The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today," Megafon's spokesperson Pyotr Lidov told RT.

The internal network had been affected, he said, adding that in terms of the company's customer services, the work of the support team had been temporarily hindered, "as operators use computers" to provide their services.

The company immediately took appropriate measures, the spokesperson said, adding that the incident didn't affect subscribers' devices or Megafon signal capabilities in any way.

Swedish authorities have reported that 70 computers have been infected in the locality of Timra, central Sweden. Victims have seen their computers shut down, then restart, with a message saying their files have been encrypted with access only possible after payment.

"We have around 70 computers that have had a dangerous code installed," Andreaz Stromgren, the mayor of Timra, told Reuters.

According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding that the group has been distributing the stolen NSA hacking tools online since last year.

The virus is apparently an upgraded version of the ransomware that first appeared in February. Believed to affect only Windows-operated computers, it changes the extensions of affected files to ".WNCRY."

It then drops a ransom note for the user in a text file, demanding $300 worth of bitcoins to be paid within a certain period of time to unlock the infected files.

The victim's wallpaper is also changed, and affected users see a countdown timer reminding them of the limited time they have to pay the ransom.

The ransomware, known as WanaCrypt0r 2.0, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain's biggest national telecommunications firm, Telefonica.

British Prime Minister Theresa May has said the cyberattack on UK hospitals is part of a wider international attack.

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan.

Seventy-four countries around the globe have been affected, with the number of victims still growing, according to the Russian multinational cybersecurity and anti-virus provider Kaspersky Lab.

An increase in activity of the malware was noticed starting from 8am CET (07:00 GMT) Friday, security software company Avast reported, adding that it "quickly escalated into a massive spreading."

In a matter of hours, over 57,000 attacks have been detected worldwide, the company said.