International Security Experts Race to Contain Fallout from Biggest Ransomware Attack Ever
Governments, companies and security experts from China to the United Kingdom on Saturday raced to contain the fallout from an audacious cyberattack that spread quickly across the globe, raising fears that people would not be able to meet ransom demands before their data are destroyed.
The global efforts come less than a day after malicious software, transmitted via email and stolen from the National Security Agency, exposed vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record.
The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.
As people fretted over whether to pay the digital ransom or lose data from their computers, experts said the attackers might pocket more than $1 billion worldwide before the deadline ran out to unlock the machines.
The coordinated attack was first reported in the United Kingdom and spread globally. It has set off fears that the effects of the continuing threat will be felt for months, if not years. It also raised questions about the intentions of the hackers: Did they carry out the attack for mere financial gain or for other unknown reasons?
“Ransomware attacks happen every day — but what makes this different is the size and boldness of the attack,” said Robert Pritchard, a cybersecurity expert at the Royal United Services Institute, a think tank, in London. “Despite people’s best efforts, this vulnerability still exists, and people will look to exploit it.”
While most cyberattacks are inherently global, the current one, experts say, is more virulent than most. Security firms said the attacks had spread to all corners of the globe, with Russia hit the worst, followed by Ukraine, India and Taiwan, according to Kaspersky Lab, a Russian cybersecurity firm.
The attack is believed to be the first in which such a cyberweapon developed by the N.S.A. has been used by cybercriminals against computer users around the globe.
Across Asia, several universities and organizations said they had been affected. In China, the virus hit the computer networks of both companies and universities, according to the state-run news media. News about the attack began trending on Chinese social media on Saturday, though most attention was focused on university networks, where there were concerns about students losing access to their academic work.
The attack also spread like wildfire in Europe. Companies like Deutsche Bahn, the German transport giant, and Telefónica, a Spanish telecommunications firm, were among those affected, though no major service problems had been reported across the region’s transportation or telecom networks.
Renault, the European automaker, said on Saturday that its French operations had been hit by the attack, while one of its plants in Slovakia was shut down because of the digital virus. Nissan, the Japanese auto giant, said that its manufacturing center in Sunderland in the north of England had been affected, though a spokesman declined to comment on whether the company’s production had been stopped.
The British National Health Service said that 45 of its hospitals, doctors’ offices and ambulance companies had been crippled — making it perhaps one of the largest institutions affected worldwide. Surgical procedures were canceled and some hospital operations shut down as government officials struggled to respond to the attack.
“We are not able to tell you who is behind that attack,” Amber Rudd, Britain’s home secretary, told the British Broadcasting Corporation on Saturday. “That work is still ongoing.”
While American companies like FedEx said they had also been hit, experts said that computer users in the United States had so far been less affected than others after a British cybersecurity researcher inadvertently stopped the ransomware attack from spreading more widely.
As part of the digital attack, the hackers, who have yet to be identified, had included a way of disabling the malware in case they wanted to shut down their activities. To do so, the assailants included code in the ransomware that would stop it from spreading if the virus sent an online request to a website created by the attackers.
SOURCE: MARK SCOTT
The New York Times