Published: Mon, May 15, 2017
Business | By Max Garcia

A 'second wave' of ransomware could broaden global cyberattack


As almost 45 NHS organizations from London to Scotland were hit in the "ransomware" attack on Friday, patients of the state-funded countrywide service faced chaos as appointments and surgeries had to be canceled.

The assault, which began Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European vehicle factories.

The countries, including India, were hit by what is believed to be the biggest-ever recorded cyberattack on Friday with investigators looking for those behind the hack that affected systems at banks, hospitals, and government agencies globally, media reports said.

Europol said a special task force at its European Cybercrime Centre was "specially created to assist in such investigations and will play an important role in supporting the investigation".

The pace of the attack by a destructive virus dubbed "WannaCry" slowed late on Friday, after the so-called ransomware locked up more than 100,000 computers, demanding owners pay $300 to $600 get their data back.

The perpetrators demand payment within three days or the price will double, and they threaten to delete the files altogether if payment is not received within seven days.

An Indian-origin doctor based in London had warned against the cyber-hack of the NHS just days before it crippled the country's network.

Old software, older hardware, and other problems make it very hard for IT departments to have much say in system upgrades.

"It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information". In past ransomware attacks, some victims have paid, only to find the key they are given doesn't work, while others have found their files are corrupted and can't be properly restored, he said.

Europol said its cybercrime specialists will support affected countries as a "complex worldwide investigation" to identify the culprits begins, as security experts warned that another major attack could happen soon.

Officials urged companies and organizations to update their Microsoft operating systems immediately to ensure networks aren't still vulnerable to more powerful variants of the malware known as WannaCry or WannaCrypt.

In a blog post, the US tech giant recalled that it had published an update in March to address the weakness exploited in Friday's attacks, a security flaw exposed in documents leaked from the US National Security Agency. "Organisations across Australia have been taking active steps to protect their networks over the weekend", the statement said.

United States software firm Symantec said the majority of organizations affected were in Europe, and the attack was believed to be indiscriminate.

In Russia, government agencies insisted that all attacks had been resolved.

Mr. Ashworth demanded to know why NHS organizations had failed to act on a critical note from Microsoft two months ago, what resources were being given to the NHS to bring the situation under control and what arrangements were in place to protect the NHS against cyber attacks.

Hospitals in London, northwest England and other parts of the country reported problems with their computer systems Friday.

German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected. But UK hospitals, Chinese universities and global firms like FedEx also reported they had come under assault.

After denying reports that its computers had been targeted, the Russian Interior Ministry later confirmed that "around 1,000 computers were infected".

"You're only safe if you patch ASAP", he wrote on Twitter.

Renault on Saturday said it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

"I highly suspect that, with the amount of coverage that this incident is getting, there are probably already people that are working to incorporate the exploit that was used for spreading", he said.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said. The malware spreads through email.

Like this: