Cyberattack strikes 100K groups in at least 150 countries


By SYLVIA HUI, SARA BURNETT and ALLEN G.

The attack, which started on Friday, is suspected to be the largest attack, with victims including Britain's hospital network and Germany's national railway.

Hospitals, major companies and government offices were among those that were badly affected. But computers and networks that didn't update their systems remained at risk.

He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn't registered.

Dr Krishna Chinthapalli said the havoc wreaked on some health services in a global cyber attack could encourage hackers to target hospitals.

In his interview, MalwareTech referred to the case of another security blogger who was subject to intimidation, including death threats, after his identity was leaked online.

Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the version without a kill switch could spread. Huss took a screenshot of his discovery and shared it on Twitter.

Senior security staff held another meeting in the White House Situation Room on Saturday, and the Federal Bureau of Investigation and National Security Agency were trying to identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations. It's not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.

"These ransomware attacks have been on the rise over the last three years, it wasn't exactly something that was a shock - what was surprising is the scale of this one".

It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money.

WannaCry has already caused massive disruption around the globe. The NSA tools were stolen by hackers and dumped on the internet. Britain canceled or delayed treatments for thousands of patients. Renault's futuristic assembly line in Slovenia, where rows of robots weld vehicle bodies together, was stopped cold.

Always update systems and software with the latest security updates.

But while FedEx Corp. reported that its Windows computers were "experiencing interference" from malware - it wouldn't say if it had been hit by the ransomware - other impacts in the USA were not readily apparent on Saturday.

The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency.

In England, 48 National Health Service (NHS) trusts fell victim, as did 13 NHS bodies in Scotland.

All this may be just a taste of what's coming, another cyber security expert warned.

"There are other criminals who've launched this attack, and they are ultimately responsible for this", he said.

Attackers have demanded $300 to $600 to unlock encrypted files.

This is already believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S.

Europol, the European Union's police agency, says the worldwide "ransomware" cyberattack has so far hit more than 100,000 organizations in at least 150 countries.

However, Mr Wainwright said that so far "remarkably few" payments had been made by victims of the attack.

The MalwareTech researcher agreed that the threat hasn't disappeared.

The 22-year-old told the BBC it was very important for people to patch their systems as soon as possible.

Just one click on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

Don't click on links in emails unless you are expecting the email to contain a link.

The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious hacking group.

Burnett reported from Chicago and Breed from Raleigh, North Carolina.