'Unprecedented' cyber attack hits 100 countries including India

May 14, 2017, 08:33 IST | Agencies

Expert who stopped spread of attack says criminals will 'change the code and start again'

Victims were tricked into opening malicious malware attachments
Victims were tricked into opening malicious malware attachments

A global cyber attack leveraging hacking tools widely believed by researchers to have been developed by the US National Security Agency disrupted Britain's health system and infected computers in nearly 100 countries on Friday.

The wave of cyber attacks wreaking havoc cross the globe is "at an unprecedented level", European Union's law enforcement agency Europol said yesterday.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain job offers and other legitimate files. The ransomware encrypted data on the computers, demanding payments of $300 to $600 in Bitcoins to restore access.

Researchers with security software maker Avast said they had observed 75,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

Still, only a small number of US-headquartered organisations were hit because the hackers appear to have begun the campaign by targeting organisations in Europe.

How does WannaCry ransomware work?
Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

Who's behind it?
The hackers likely made it a "worm," or self spreading malware, by exploiting a piece of NSA code known as "Eternal Blue" that was released last month by a group known as the Shadow Brokers.

Researcher finds 'kill switch' for WannaCry
A cybersecurity researcher appears to have accidentally discovered a "kill switch" that can prevent the spread of the ransomware. Tweeting as @MalwareTechBlog, the researcher said that registering a domain name used by the malware stops it from spreading.

Who were affected
>> International shipper FedEx Corp
>> Major hospitals in Indonesia and UK
>> Russia's central bank, Railways, interior ministry
>> Spain's Telefonica, a telecommunications firm
>> Portugal Telecom and Telefonica Argentina
>> France's carmaker Renault was forced to stop production at some sites

Andhra police also hit
Vijayawada: A section of computers of Andhra Pradesh's police departments were also affected by the cyber attack and were not able to access data. However, officials said the day-to-day functioning was not hampered.

75k
No. of infections registered

Go to top