Ransomware attack creates global havoc

Washington/London, May 13 

Nearly hundred countries, including India, were hit by what is believed to be the biggest-ever recorded cyberattack that used “cyber weapons” stolen from the US’ National Security Agency to lock up computers and hold users’ files for ransom.

The cyber attack was first reported from Sweden, Britain and France, US media outlets reported. An increase in activity of the malware was noticed yesterday, security software company Avast reported, adding that it “quickly escalated into a massive spreading”.

Within hours, over 75,000 attacks were detected worldwide, the company said.

Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours. Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt.

In Spain, major companies including telecommunications firm Telefonica were infected. The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.

The US Computer Emergency Readiness Team (USCRT) under the Department of Homeland Security said it has received multiple reports of WannaCry ransomware infections in many countries around the world. It was believed to the biggest attack of its kind.

A Microsoft spokeswoman said that the company was aware of the reports and was looking into the situation.

According to The Wall Street Journal, the malware believed to be behind the attacks, encrypts data on infected computers and essentially holds it for ransom. “Known as WannaCry or Wanna Decryptor, the so-called ransomware programme homes in on vulnerabilities in Microsoft Windows systems,” the daily said.

In a statement, international shipper FedEx said it has been badly hit by the cyber attack. “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible,” it said.

The Department of Homeland Security (DHS) said it is actively sharing information related to this event and stands ready to “lend technical support and assistance as needed to our partners, both in the US and internationally”.

The DHS has a cadre of cyber security professionals that can provide expertise and support to critical infrastructure entities.

The malware was made available online on April 14 through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was scepticism about whether the group was exaggerating the scale of its hack.

Former NSA contractor Edward Snowden blamed the NSA for not preventing the global cyber attack. “Despite warnings, (NSA) built dangerous attack tools that could target Western software,” he said. “Today we see the cost”.

Experts have been working round-the-clock to restore IT systems of Britain’s National Health Service (NHS) after they were hit by the large-scale cyber-hack by an international criminal gang that wreaked havoc around the globe.

With nearly 45 NHS organisations from London to Scotland hit in the “ransomware” attack yesterday, patients of the state-funded countrywide service are facing days of chaos as appointments and surgeries have been cancelled.

An Indian-origin doctor based in London had warned against the cyber-hack of the NHS just days before it crippled the country’s network.

Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, had warned that an increasing number of hospitals could be shut down by ransomeware attacks in an article on the vulnerability of the NHS network in the ‘British Medical Journal’ on Wednesday, two days before the major cyber-hack.

He had highlighted an incident at Papworth Hospital near Cambridge where a nurse clicked on a malicious link and malware infected her computer and started to encrypt sensitive files. — PTI

What is ransomware?

• The ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. It demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time
• The malware spreads through e-mail. Individuals and organisations are discouraged from paying the ransom, as this does not guarantee access will be restored. Ransomware spreads easily when it encounters unpatched or outdated software

The modus operandi

• Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files
• Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention
• The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access

‘Kill switch’ can stop spread of malicious software

• A cybersecurity researcher appears to have discovered a “kill switch” that can prevent the spread of the WannaCry ransomware—for now—that has caused the cyberattacks
• The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading
• The researcher warned that people “need to update their systems ASAP” to avoid attack. “The crisis isn’t over, they can always change the code and try again,” @MalwareTechBlog said

Politically sensitive timing

• The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France
• The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues.
• Authorities in Britain have been braced for cyber attacks in the run-up to the election, as happened during last year’s US election and on the eve of the French run-off vote on May 7
• But those attacks, blamed on Russia, followed a different modus operandi involving penetrating the accounts of individuals and political organisations and then releasing hacked material online

India’s cyber security arm issues alert

• Government’s cyber security arm CERT-In has alerted vital institutions including RBI, stock markets and NPCI against the latest cyber attack that has infected thousands of systems globally
• It has issued a list of do’s and dont’s to these agencies and advised installation of relevant “patches” to protect against any data breaches
• The government has made necessary arrangements to handle the situation. “No major incident of cyber attack has been brought to notice of Indian Computer Emergency Response Team (CERT- In) yet,” a statement said