Russian banks, railway giant among targets of WannaCry ransomware allegedly linked to NSA
The ‘WannaCry’ attacks were first reported worldwide on Friday and are estimated to have affected as many as 100,000 computers, including those of Russian Railways, the company reported Saturday.
“The IT system of Russian Railways has been attacked by a virus. The virus has been isolated. The work to eliminate it and upgrade anti-virus protection is currently underway,” the company told TASS news agency.
Russian Railways said the infection did not cause disruption to its transportation services.
Several Russian banks were also attacked by the malware, but their computer networks were not penetrated, the cybersecurity monitoring center FinCert, which is operated by Russia’s central bank, reported on Saturday.
Sberbank, Russia’s largest bank, released a separate statement confirming the integrity of its computers.
“The cybersecurity systems have discovered attempts to infect the bank infrastructure in due course. The bank network is protected from such attack. No virus infection happened,” it said.
Earlier on Friday, the Russian Interior Ministry and Megafon, one of the largest mobile service providers in the country, were both affected by the ransomware.
Dubbed ‘WannaCry,’ the malware uses a vulnerability in the Windows operating system to infect computers, and then encrypts files, demanding ransom to be paid in Bitcoin cryptocurrency for restoring access. The exploit was patched by Microsoft two months ago, so only computers not running updated software are vulnerable to the virus.
According to cybersecurity experts, the exploit was made public in April by Shadow Brokers – a hacker group that apparently obtained cyberwarfare tools from the NSA.
The ransomware affected NHS hospitals in Britain, Spanish telecommunication companies, and Germany’s Deutsche Bahn, among others.