World Capitals – Tens of thousands of computers in almost 150 countries were infected with ransomware demanding ransom payments during an international cyberattack, which some experts believe was inspired by a National Security Agency (NSA) tool kit that was leaked last year.
Ransomware is a type of malware that essentially takes over a computer and prevents users from accessing data on their own computer until a ransom is paid.
The virus is believed to be linked with the NSA’s stash of exploits exposed by Shadow Brokers hacker group. It uses a vulnerability in the Windows operating system to infect computers, and then encrypts files, demanding ransom to be paid in Bitcoin cryptocurrency for restoring access. The exploit was patched by Microsoft two months ago, so only computers not running updated software are vulnerable to the virus.
According to cybersecurity experts, the exploit was made public in April by Shadow Brokers, a hacker group that apparently obtained cyberwarfare tools from the NSA.
The malware called “WanaCrypt0r 2.0” infected the British Heath system with more than 20 British hospitals and major companies and FedEx.
Persons behind the attack demanded a ransom between $300 to $600 in Bitcoin per computer to provide the decryption key.
In a statement Saturday, Europol’s European Cybercrime Center, EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”
EC3 says its Joint Cybercrime Action Taskforce, made up of experts in high-tech crime, “is specially designed to assist in such investigations and will play an important role in supporting the investigation.”
US and British authorities advised companies and people affected by the attack not to pay the ransom demanded to decrypt files that were inflicted.
British National Health Service (NHS) was also affected as British Prime Minister Theresa May announced that a cyberattack initially believed to be targeting only hospitals in the UK has now gone beyond, involving potentially dozens of countries.
A number of NHS organizations have reported they suffered from a ransomware attack.
British Interior Minister Amber Rudd announced on Saturday that 48 of 248 health services in England had been impacted by Friday’s attack, but that all except six were now functioning normally.
British National Cyber Security Centre said it was working round the clock with UK and international partners and with private sector experts to lead the response to these cyber attacks.
Ciaran Martin, CEO of the National Cyber Security Centre, said in a statement that in order to protect against this sort of attack, organizations should “make sure your security software patches are up to date” and “make sure that you are running proper anti-virus software”
French carmaker Renault stopped production at two French sites on Saturday to prevent the spread of a global cyber attack that hit its computer systems, a spokesman said.
“Proactive measures have been put in place, including the temporarily suspension of industrial activity at some sites,” the spokesman said.
Also Nissan announced that its Sunderland plant has been hit by the worldwide ransomware attack with production affected, but had no major impact on the business.
“Like many organizations our plant was subject to a ransomware attack affecting some of our systems on Friday evening,” a spokeswoman confirmed.
In Germany, customer information screens at railway stations were hit but there was no impact on services.
FedEx Corporation confirmed that it is suffering a malware attack and issued a statement on Friday saying its Windows-based systems were “experiencing interference” due to malware and that it was trying to fix the issue as quickly as possible, but it gave no further details.
In Spain, telecommunications giant Telefonica was also infected with malicious ransomware.
Telefonica’s chief data officer, Chema Alonso said on Twitter: “News [of the attack] has been exaggerated and our colleagues are working on it right now.”
In an unusual step, Microsoft provided direct support to unsupported systems that were impacted by ransomware attack across the globe.
In order to ensure as many systems as possible are protected against WannaCrypt ransomware and other attacks, Microsoft has made security patches for Windows XP and other operating systems broadly available to download.
“This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind,” the company told customers.
Russia has been accused of being responsible for the attack, which was denied by authorities as Russian Railways was among the companies compromised by WannaCry, but it didn’t disrupt the services.
“The IT system of Russian Railways has been attacked by a virus. The virus has been isolated. The work to eliminate it and upgrade anti-virus protection is currently underway,” the company told TASS news agency.
Several Russian banks were also attacked by the malware, but their computer networks were not penetrated, the cybersecurity monitoring center FinCert, which is operated by Russia’s central bank, reported on Saturday.