Friday’s cyber attack hit 200,000 in at least 150 countries: Europol
LONDON, MAY 14 (REUTERS): Friday's cyber attack hit 200,000 victims in at least 150 countries and that number could grow when people return to work on Monday, the head of the European Union's police agency said on Sunday.
Cyber security experts say the spread of the virus dubbed WannaCry - "ransomware" which locked up computers in car factories, hospitals, shops and schools in several countries - has slowed, but that any respite might be brief.
Europol Director Rob Wainwright told ITV's Peston on Sunday programme the attack was unique in that the ransomware was used in combination with "a worm functionality" so the infection spread automatically.
[caption id="attachment_271882" align="aligncenter" width="650"]
Map locates top 20 countries affected in the first hours of WannaCry’s ransomware cyberattack; 3c x 2 inches; 146 mm x 50 mm;[/caption]
"The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations," he said.
"At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning."
He said Europol and other agencies did not yet know who was behind the attack but "normally it is criminally minded and that is our first working theory for obvious reasons".
"Of course there are amounts that are being demanded, in this case relatively small amounts - $300 rising to $600 if you don't pay within three days," he said.
"(There have been) remarkably few payments so far that we've noticed as we are tracking this, so most people are not paying this, so there isn't a lot of money being made by criminal organisations so far."
Technical staff scrambled on Sunday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.
Cybersecurity experts said the spread of the virus dubbed WannaCry - "ransomware" which locked up more than 100,000 computers - had slowed, but the respite might only be brief.
New versions of the worm are expected, they said, and the extent of the damage from Friday's attack remains unclear.
Marin Ivezic, cybersecurity partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates, or patches, or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet in March by a hacking group known as the Shadow Brokers. The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.
Hong Kong-based Ivezic said that the ransomware was forcing some more "mature" clients affected by the worm to abandon their usual cautious testing of patches "to do unscheduled downtime and urgent patching, which is causing some inconvenience."
He declined to identify which clients had been affected.
MONDAY MORNING RUSH?
Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.
"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
Targets both large and small have been hit.
Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.
Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England.
Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.
German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.
In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.
Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.
A Jakarta hospital said on Sunday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.
In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician's error had led to 12 kiosks being infected in two of the island's malls. Director Dennis So said the systems were not connected to the malls' or tenants' networks.
Symantec, a cybersecurity company, forecast infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise.
Governments and private security firms said on Saturday that they expected hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate.
"This particular attack was relatively easy to shut down," said Bryce Boland, Asia Pacific chief technology officer for FireEye, a cybersecurity company.
But he said it would be straightforward for the existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.
The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report any to the Federal Bureau of Investigation or Department of Homeland Security.
Indian Government activates
mechanism to prevent cyber attack
New Delhi, May 14 (IANS): The government on Sunday said it has activated a “preparedness and response mechanism” to prevent any major cyber attack from a new ransomware -- “Wannacry” -- which has infected computer systems around the world. According to the Ministry of Electronics and Information Technology (MeitY), it has activated a “preparedness and response mechanism” by instructing CERT-IN (Computer Emergency Response Team) to gather “all the information of the reported ransomware”. On May 13, CERT-IN had issued an advisory for both reactive and preventive actions to deal with the ransomware. “MeitY has initiated contact with relevant stakeholders in public and private sector to ‘patch’ their systems as prescribed in the advisory issued by CERT-IN. MeitY has also requested Microsoft India to inform all their partners and customers to apply relevant patches,” the ministry said in a statement. “In India, no reports have been formally received so far regarding this ransomware attack. However, it is understood that a few systems of the police department in Andhra Pradesh were impacted. MeitY has informed AP government, to follow the CERT-In advisory.”
