New Delhi: A massive ransomware attack, which security researchers say used a Windows exploit first developed by the United States National Security Agency, shut down computer systems across several countries, including India, last night.
According to anti-virus provider Kaspersky, there were at least 45,000 attacks in 74 countries, Reuters reported. The numbers were an initial estimate and were expected to go up.
India was among the three countries worst affected by the attack, data shared by Kaspersky showed. However, there was no immediate information on what companies in India were affected in the cyberattack.
The attack made headlines for targeting hospitals in the United Kingdom. A ransomware attack infects individual computers with a malware that blocks access to all data on the system.
The malware encrypts all the data on a computer system and decrypts it only after the computer user/owner agrees to pay a ransom, usually in bitcoin.
UK publication The Guardian reported that as many as 16 National Health Service trusts, some of which oversee several hospitals, were affected in the attack and that hospital staff were unable to access patient records. (Hospitals are a common target of ransomware attacks, perhaps because their dependence on patient records makes them likely to pay up quickly and easily).
The ransomware – dubbed Wanna Cry – demanded payments between $300 (around Rs 19,000) and $600 (around Rs 39,000) in bitcoin to unlock data on a single system, news agency Reuters reported.
Wanna Cry uses an Microsoft Windows exploit that was made public after a group of hackers called Shadow Brokers released files and hacking tools purportedly belonging to the American NSA, US’s premier signals intelligence agency.
News of the cyberattack initially made headlines after systems at hospitals across the United Kingdom were affected. Reuters reported that British hospitals and clinics were forced to turn away patients because their computers were infected by Wanna Cry.
British Prime Minister Theresa May said that the hospitals weren’t deliberately targeted and were simply part of a larger attack. “This (the Wanna Cry cyberattack) was not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” May said.
Anti-virus provider Kaspersky conducted an analysis of the cyberattack and noted that India was among the three countries worst affected by the attack. Around five per cent of the computers infected by Wanna Cry were in India. However, there was no immediate information on which Indian companies may have been affected due to the cyberattack.
Russia was the worst affected, according to both Kaspersky and Avast, another anti-virus provider. Over 70 per cent of the computer systems affected in the Wanna Cry attack were located in Russia, Kaspersky noted. Reuters reported that around 1,000 computers at the Russian Interior Ministry were affected by the huge cyberattack.
Some of the companies that were targeted in the international cyberattack included international shipper FedEx Corp, Spanish telecommunications company Telefonica and French aircraft manufacturer Airbus.
The malware, Wanna Cry, uses an exploit named EternalBlue to infect computers running versions of Windows operating systems. EternalBlue was first made public last month after Shadow Brokers released a bunch of exploits and hacking tools developed by the US NSA. According to tech website Ars Techina, the NSA used EternalBlue to hack and remotely take over computers running Windows.
Wanna Cry works by encrypting all the data on a computer system by changing file extension names to ‘.WNCRY’. The malware then displays a window informing users that their files have been encrypted and that they can be recovered in lieu of a payment made in bitcoin. The window is accompanied by two timers – one counting down to a certain time after which the ransom amount will be raised while the other warns of the time after which users’ files will be gone for good.
Interestingly, Microsoft released a patch for the EternalBlue exploit just a few weeks before Shadow Brokers made the NSA-developed vulnerability’s existence public. However, it is possible that several computers around the world, most likely including the ones targeted in yesterday’s cyberattack, had failed to update their systems with the Microsoft patch.
Responding to Friday’s cyberattack, Reuters reported Microsoft saying that it was pushing out automatic updates to defend Windows systems from the Wanna Cry attack. “Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” a Microsoft spokesman said in a statement.