Spotlight: Ransomware attack hits dozens of countries
Xinhua, May 13, 2017
Kaspersky Lab has recorded more than 45,000 attacks of ransomware in 74 countries around the world as of Friday, mostly in Russia.
The attack, boiling down to a computer virus that makes users' computers useless unless a payment is made to those who hacked their system, has prompted wide alarm around the globe.
"WANNACRY"
The multinational cybersecurity and anti-virus provider's Global Research and Analysis Team said in a web posting that in these attacks, data is encrypted with the extension ".WCRY" added to the filenames.
The attack by the ransomware, dubbed "WannaCry," is initiated through an SMBv2 remote code execution in Microsoft Windows.
The exploit, codenamed "EternalBlue," was made available on the internet through the Shadowbrokers dump on April 14; Microsoft had patched the vulnerability on March 14.
"It's important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the 'EternalBlue' exploit and infected by the WannaCry ransomware," Kaspersky Lab noted.
"The lack of existence of this vulnerability doesn't really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak," it warned.
The WannaCry malware encrypts the files and also drops and executes a decryptor tool. The request for 600 U.S. dollars in Bitcoin, a cryptocurrency, is displayed along with the wallet.
As not all ransomware provides this timer countdown, the WannaCry attack shows computer users that "payment will be raised" after a specific countdown, along with another display raising urgency to pay up, threatening that the user will completely lose their files after the set timeout, the team said.
It added that to make sure the user doesn't miss the warning, the tool changes the user's wallpaper with instructions on how to find the decryptor tool dropped by the malware.
WIDE VICTIMS
Kaspersky Lab has confirmed additional infections in a group of countries, including Ukraine and India.
The cryptology branch of Spain's National Center for Intelligence (CNI) also confirmed on Friday that several Spanish companies, including multinational telecommunications giant Telefonica, have suffered the "massive" cyber attack.
The Spanish media reported that Telefonica bore the brunt of the attack, which caused the crash of the computers of Telefonica personnel at the company's Madrid headquarters, leaving them with blue screens and also halting other devices.
Other businesses thought to have been attacked by the virus included consultancy firms, banks and energy companies.
Hospitals in Britain also suffered from a similar attack on Friday. The National Health Service (NHS) issued an alert and confirmed infections at 16 medical institutions, but it remained unclear whether the incidents are connected with each other.
Sweden's Timra municipality was struck by WannaCry Friday afternoon, Swedish public broadcaster SVT reported.
A variation of the virus infected Windows systems and encrypted files locally and on shared services. At least 70 computers were affected, as screens turned blue and then black on several of the municipality's computers.
After the computers were rebooted, users got a message saying that the computers were encrypted and they had to pay to regain access to the content. For now there appeared to be no risk to life or health, according to Sweden's national Computer Emergency Response Team, although some of the administrative personnel were not able to do their work.
Andreaz Stromgren, head of the municipality's administrative offices, estimated that as many as 100 could have been infected before they stopped it from spreading.
Denmark is also one of the victims affected by the massive hacker attack.
"I can see on our map that Denmark has been tried to be attacked in the first hours of the attack," Leif Jensen, director of IT security company Kaspersky's Nordic department, was quoted by Danish TV2 channel as saying.
So far it is unclear who is behind the attack.