Nearly hundred countries, including India, were hit by a massive cyber attack which experts said was carried out with the help of “cyber weapons” stolen from the US' National Security Agency.
The cyber attack was first reported from Sweden, Britain and France, US media outlets reported.
Advertisement
An increase in activity of the malware was noticed yesterday, security software company Avast reported, adding that it “quickly escalated into a massive spreading”.
Within hours, over 75,000 attacks have been detected worldwide, the company said. Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours.
Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefonica were infected.
The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.
The US Computer Emergency Readiness Team (USCRT) under the Department of Homeland Security said it has received multiple reports of WannaCry ransomware infections in many countries around the world.
The ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. It demands users pay USD 300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time. The malware spreads through email.
Individuals and organisations are discouraged from paying the ransom, as this does not guarantee access will be restored, the USCERT said.
According to it, ransomware spreads easily when it encounters unpatched or outdated software.
A Microsoft spokeswoman said that the company was aware of the reports and was looking into the situation.
According to The Wall Street Journal, the malware believed to be behind the attacks encrypts data on infected computers and essentially holds it for ransom.
“Known as WannaCry or Wanna Decryptor, the so-called ransomware programme homes in on vulnerabilities in Microsoft Windows systems,” the daily said.
In a statement, international shipper FedEx said it has been badly hit by the cyber attack.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible,” it said.
“This event should serve as a globalwake-upcall the means of delivery and the delivered effect is unprecedented,” Rich Barger, the director of threat research at security firm Splunk, said in a separate statement.
The Department of Homeland Security (DHS) said it is actively sharing information related to this event and stands ready to “lend technical support and assistance as needed to our partners, both in the United States and internationally”.
The DHS has a cadre of cyber security professionals that can provide expertise and support to critical infrastructure entities, it said in a statement.
The malware was made available online on April 14 through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was scepticism about whether the group was exaggerating the scale of its hack.
Whistleblower Edward Snowden blamed the NSA for not preventing the global cyber attack.
“Despite warnings, (NSA) built dangerous attack tools that could target Western software,” Snowden said. “Today we see the cost.”
“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he said.
Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the US to dedicate more cyber resources to offence rather than defence, a practice they argued makes the internet less secure.