WannaCry attack signals world is on brink of true cyber war
Malware encrypted data on a quarter of a million computers in about 150 countries, demanding a ransom for restoring access
19 May, 2017
An electronic display at Frankfurt am Main station is down, advising passengers to refer to timetables.
Employees monitor ransomware cyber-attacks at the Korea Internet and Security Agency (KISA) in Seoul.
The world got a hint last weekend of what a future cyber war would look like, after a malware attack of unprecedented scale hit hundreds of thousands of computers in no fewer than 150 countries across the globe. The attack, by malware called WannaCry or variants of that name, started last Friday and continued throughout the weekend, but subsided last Monday. On the first day of the attack alone, at least 75,000 computers in 99 countries were locked by the malware, with all the data on them encrypted and a ransom demanded for access to be restored.
Once a computer was locked, its screen showed a message from the WannaCry programme demanding a payment of $300 in the virtual currency Bitcoin to unlock the files on that computer. The infections seem to have been spread by a worm, a programme that propagates by itself between computers. Most other malicious programmes rely on tricking people into clicking on an attachment harbouring the attack code in order to spread. By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.
European countries, including Russia, were among the worst hit. In the UK, a total of 48 National Health trusts were hit, of which by Monday all but six were back to normal, according to the Home Secretary Amber Rudd. The attack left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments. The malware spread quickly last Friday, with medical staff in the UK reportedly seeing computers go down “one by one”.
Some reports say Russia has seen more infections than any other country. Mobile phone provider MegaFon, Sberbank, and the state-owned railways were hit. Russia's interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised.
In Germany, the federal railway operator said electronic boards had been disrupted; people tweeted photos of a ticket machine. France's carmaker Renault was forced to stop production at a number of sites. Its futuristic assembly line in Slovenia, where rows of robots weld car bodies together, was totally blocked. In Spain victims of the attack were large companies such as telecom giant Telefonica, and utilities Iberdrola and Gas Natural.
In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, while court systems went down, too. Other targets included Portugal Telecom, a university computer lab in Italy, a local authority in Sweden, the US delivery company FedEx, schools in China, and hospitals in Indonesia and South Korea.
Europol said its cyber-crime team, EC3, was working closely with affected countries to “mitigate the threat and assist victims.” Ironically, the attack started while finance ministers from the G7 group of leading industrial countries were meeting to discuss precisely the threat of cyber-attacks, and pledged to work more closely on spotting vulnerabilities and assessing security measures.
It was not clear who was behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft's Windows system. The tool, known as EternalBlue, was stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a protest against US President Donald Trump.
The worldwide effort to extort cash from computer users spread so widely that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses. Microsoft head Brad Smith criticised the manner in which governments store details about security weaknesses in computer systems. A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled.
And all this may be just a taste of what's coming, a cyber security expert warned. Computer users should be ready for the next big “ransomware” attack, Ori Eisen of the Trusona cybersecurity firm told the AP. The attack held hospitals and other entities hostage, but it appears to be “low-level” stuff, given the amount of ransom demanded, he pointed out, adding that the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems. “This is child's play. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?” he asked. “Today, it happened to 10,000 computers. There's no barrier to do it tomorrow to 100 million computers,” he concluded.