A global cyber attack has infected tens of thousands of computers in 99 countries on Friday. Britain’s health system was paralyzed, global shipper FedEx were disrupted. The hackers blocked computers and demanded a ransom of 300 USD in bitcoins. It is believed that the hacking tools have been developed by the U.S. National Security Agency.
The cyber attacks is considered ot be the biggest ever.
According to Europol the virus infected 200,000 computers in 150 countries.
First, there were reports of Spain’s largest telecom being hit with pop-up windows demanding a $300 ransom to access files. Also Portugal’s and Argentina’s Telecom were infected.
At least 16 hospitals in England’s National Health Service were affected, locking doctors and nurses out of patients’ records unless they paid up. Then came word that networks around the world were under attack Friday.
In Asia, some hospitals, schools, universities and other institutions were affected, although the full extent of the damage is not yet known because it is the weekend.
Avast, a security software company, wrote that they detected more than 75,000 cases of ransomware in 99 countries as of Friday afternoon.
“According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions,” like hospitals and companies, an Avast analyst wrote.
Friday’s attacks are being blamed on a piece of malware called WCry, WannaCry, or Wana Decryptor, that’s now been tracked in large-scale attacks across Europe and Asia — particularly Russia and China — as well as attacks in the U.S. and South America, according to a map on the Malware Tech site.
What was the attack and how does it work?
Hackers have been spreading “ransomware” called WannaCry, also known as WanaCrypt0r 2.0, WannaCry and WCry. It is often delivered via emails which trick the recipient into opening attachments and releasing malware onto their system in a technique known as phishing.
Some of the virus infected emails were titled as invoices, orders and other titles attracting owners to open them.
Once your computer has been affected, it locks up the files and encrypts them in a way that you cannot access them anymore. It then demands payment in bitcoin in order to regain access.
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
Victims of the attack are confronted with a pop-up window that tells them their files are now encrypted and that they need to send $300 via the bitcoin cryptocurrency.
“You can decrypt some of your files for free,” reads the message, which we’re seeing today in a variety of languages. “But if you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled.”
The window includes a countdown clock that threatens the files will be lost permanently in seven days.
Who was behind the attack?
A cyber gang – called Shadow Brokers – is being blamed for the hack, UK’s Telegraph notes. The mysterious organisation said in April it had stolen a ‘cyber weapon’ from the National Security Agency (NSA), America’s powerful military intelligence unit.
Wana Decryptor exploits a Windows flaw that was patched in Microsoft’s Security Bulletin MS17-010 in March. But on machines that haven’t been updated or patched, the malicious code encrypts all of an infected machine’s files — and then spreads itself.
“Infection of a single computer can end up compromising the entire corporate network,” Spain’s National Cryptologic Center says.
The cyber attack and the spread of the ransomware capped a week of cyber turmoil in Europe that began the previous week when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.
On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues.
Sources from the Greek Police Electronic Crime Department told media that Greece was not affected by the cyber attack. There have been no reports or complains on cyber attack, the source said.
UPDATE Hours later, Greek police discovered that at least one system of a university was infected by the global attack.