At least 74 countries affected in 'biggest ever' cyber attack

Dozens of countries were hit with a huge cyberextortion attack at a multitude of hospitals, companies and government agencies.

By The Newsroom
Saturday, 13th May 2017, 8:43 am
Updated Monday, 15th May 2017, 9:24 am
The attack, that saw computers locked and users' files held for ransom, was believed to the biggest ever recorded.
The attack, that saw computers locked and users' files held for ransom, was believed to the biggest ever recorded.

The attack, that saw computers locked and users' files held for ransom, was believed to the biggest ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Sign up to our daily newsletter

The UK's National Health Service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients.

Russia appeared to be the hardest hit, according to security experts, with the country's Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries.

That includes the United States, although its effects there did not appear to be widespread, at least initially.

The attack infected computers with what is known as "ransomware", software that locks up the user's data and flashes a message demanding payment to release it.

In the US, FedEx reported its Windows computers were "experiencing interference" from malware, but would not say if it had been hit by ransomware.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history".

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organisations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Its ransom demands start at 300 dollars and increase after two hours to 400, 500 and then 600 dollars, said Kurt Baumgartner, a security researcher at Kaspersky Lab.

Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.

Chris Wysopal of the software security firm Veracode said criminal organisations were probably behind the attack, given how quickly the malware spread.

"For so many organisations in the same day to be hit, this is unprecedented," he said.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced it had already issued software "patches" for those holes.

But many companies and individuals have not installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and did not fix.

By Kaspersky Lab's count, the malware struck at least 74 countries.

In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack.

Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.

Ransomware attacks are on the rise around the world.

In 2016, Hollywood Presbyterian Medical Centre in California said it had paid a 17,000 dollars ransom to regain control of its computers from hackers.