The wave of cyberattacks that wreaked havoc in nearly a hundred countries, including India, since Friday is “at an unprecedented level”, according to the European Union’s law enforcement agency Europol. The attacks would require “a complex international investigation to identify the culprits,” the agency said, as it worked with the countries and companies hit by the attack worldwide. The wave of attacks allegedly exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).
The cyberattacks, which were first reported from Sweden, Britain and France, used a technique called ransomware, in which users’ files are locked until they pay the attackers a designated sum of money in the virtual Bitcoin currency. A new ransomware called “Wcry” or “Wannacry” was being used to encrypt files on the infected Windows computers. Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organisations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.
Teams of technicians from the National Cyber Security Center worked “round the clock” Saturday to restore hospital computer systems vital to health services in Britain, and check transport services in other nations, after the attack that crippled the UK’s health system. Pictures posted on social media showed screens of NHS computers with images demanding payment of USD 300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”
British Home Secretary Amber Rudd, who was chairing a government emergency security meeting Saturday in response to the attack, said 45 public health organisations were hit, though she stressed that no patient data had been stolen. The attack froze computers at hospitals across the country, with some canceling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled.
British media had reported last year that most public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates.
Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001.
Russia’s central bank on Saturday said that the country’s banking system had been hit by a mass cyberattack, and a number of ministries and the railway system also reported attempted breaches. The central bank’s IT attack monitoring centre “detected mass distribution of harmful software of the first and second type,” a central bank statement said, according to Russian news agencies, adding that “it did not detect instances of compromise” of the systems of the country’s banks.
A number of attacks were reported by various Russian government agencies yesterday, including the interior ministry, which said 1,000 of its computers had been hit by a virus, after which it was localised. Russian health ministry aide Nikita Odintsov said on Twitter that the ministry had “quickly thwarted” the attempted attacks.
Sberbank, Russia’s largest bank, was quoted as saying that its systems “detected in time the attempts to penetrate bank infrastructure.” It added, “The bank’s network has provisions for defending from such attacks. There was no penetration of the system by viruses.”
Russia’s emergency ministry said it had “blocked all attempts of viral attacks on its computers.” The country’s state railway monopoly Russian Railways said it had also “localised” an attack.
French carmaker Renault’s assembly plant in Slovenia halted production after it was targeted in the global cyberattack. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working on Friday evening to stop the malware from spreading. The radio said the factory is working with the central office in France to resolve the problem.
Elsewhere in Europe, the attack hit companies including Spain’s Telefonica, a global broadband and telecommunications company.
Germany’s national railway said Saturday that departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.
Other European organisations hit by the massive cyberattack included soccer clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down.
FedEx Corp. in the US reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware.
The Indian government’s cyber security arm CERT-In has alerted vital institutions including RBI, stock markets and NPCI against the recent cyberattack. It issued a list of dos and don’ts to these agencies and advised installation of relevant “patches” to protect against any data breaches. “No major incident of cyber attack has been brought to the notice of Indian Computer Emergency Response Team (CERT-In) yet,” according to official sources, reported news agency PTI.
G7 finance ministers in their meeting today turned their focus to combating cybercrime, in what Italy’s Pier Carlo Padoan described as an “unfortunately very timely” discussion. The talks, which had been scheduled before Friday’s cyberattacks, highlighted the potential threat to the global financial system as hackers tried to infiltrate the computer systems that run the global banking system, capital and equity markets.