A cyber weapon believed to have escaped the control of the United States’ top-secret National Security Agency appears to be behind a massive wave of cyber ransom attacks Friday in scores of countries around the globe that researchers said was the largest computer hack ever.
Computers seized in the attack flashed a message on a black screen with red letters: “Oops, your important files are encrypted.” Users were then unable to access their files and told to pay a ransom to regain access to their machines.
A Czech security research firm, Avast Software, said it had detected more than 57,000 computers frozen by the attack. The Moscow-based Kaspersky Lab said 74 countries had been hit, with Russia, Ukraine, India and Taiwan suffering the biggest impact. The global criminal attacks crippled 16 hospitals and clinics in Britain and affected telecommunications in Spain and Portugal.
Over the weekend, security experts warned that the global cyber attack that began on Friday (May 12) is likely to be magnified in the new workweek as users return to their offices and turn on their computers.
Many workers, particularly in Asia, had logged off on Friday before the malicious software, stolen from the US government, began proliferating across computer systems around the world. So the true effect of the attack may emerge Monday (May 15) as employees return and log in.
Moreover, copycat variants of the malicious software behind the attacks have begun to spread, according to experts.
The size of the attack
The cyberattack has hit 200,000 computers in more than 150 countries, according to Rob Wainwright, the executive director of Europol, the European Union’s police agency.
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with inadvertently helping to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” — a way of disabling the malware. Mr. Suiche of Comae Technologies said he had done the same for one of the new variants of malware to surface since the initial wave. The temporary fix initially helped slow down the rate of infected computers.
On Sunday, MalwareTech was one of many security experts warning that a less-vulnerable version of the malware is likely to be released. On Twitter, he urged users to immediately install a security patch for older versions of Microsoft’s Windows, including Windows XP. (The attack did not target Windows 10.)
Officials urged companies and organizations to update their Microsoft operating systems immediately to ensure networks aren’t still vulnerable to more powerful variants of the malware known as WannaCry or WannaCrypt. A prominent computer security expert, Chris Wysopal, co-founder of the application security company Veracode, in Burlington, Massachusetts, said in a tweet that the WanaCrypt0r ransomware epidemic may be an indicator of how powerful some NSA hacking tools are.
The outbreak, which began last Friday, is already believed to be the biggest online extortion scheme ever recorded.
What exactly the malware does and how it happens
WannaCry locks up computers, encrypts their data, and demands large Bitcoin payments, which begin at $300 and rise to $600 before the software destroys files hours later. Cyber criminals targeted users in 150 nations, including the U.S., Russia, Brazil, Spain, and India, along with major government agencies, such as the U.K.’s National Health Service and Germany’s national railway.
But some networks may have caught the malicious bug after workers went home, meaning the malware is already there, waiting for employees to power up their computers.
The WannaCry malware exploits a vulnerability in Microsoft Windows that was reportedly developed and used by the U.S. National Security Agency. Experts said this vulnerability has been known for months, and Microsoft had fixed the problem in updates of recent versions of Windows. But many users did not apply the software patch, AP reported.
So, in case you needed another reminder, update your software often. And maybe change your passwords while you’re at it.
Many images popped up of companies' computers affected by the attack. This one below shows Russian railway operating room screens affected by the malware, in a tweet shared by Kevin Beaumont.
Above, a billboard in Thailand shows the alert message caused by the WannaCrypt vulnerability.
And here, a German train station shows the alert caused by the malware.