The story appears on

Page A2

May 15, 2017

GET this page in PDF

Free for subscribers

View shopping cart

Related News

Home » Business » IT

Global cyber attack hits systems in 150 countries

AN unprecedented global “ransomware” attack has hit at least 100,000 organizations in 150 countries, Europe’s police agency said yesterday. More damage may be seen today as people return to work and switch on their computers.

The attack that began on Friday is believed to be the biggest online extortion attack yet recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.

“It was essentially an indiscriminate attack across the world,” Europol director Rob Wainwright said. “It’s a massive reminder to sectors right across the world that cyber security should be a topline strategic priority.”

Jan Op Gen Oorth, spokesman for the Netherlands-based Europol, said the number of individuals who have fallen victim to the cyber extortion attack could be much higher.

He said it was too early to say who was behind the onslaught and what their motivation was. The main challenge for investigators was the fast-spreading capabilities of the malware. So far not many people had paid the ransoms the virus demands, he said.

The attack held hospitals and other entities hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment — US$300 at first, rising to US$600 before it destroys files hours later.

The effects were felt across the globe, with Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx in the US and French carmaker Renault all reporting disruptions.

Chinese media reported yesterday that students at several universities were hit by the virus, which blocked access to their thesis papers and their dissertation presentations.

Had it not been for a young cyber security researcher’s accidental discovery of a so-called “kill switch,” the malicious software would likely have spread much farther and faster.

Experts say such widespread attacks are tough to pull off.

This one worked because of a “perfect storm” of conditions, including a known and highly dangerous security hole in Microsoft Windows, users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. What’s worse, those responsible were able to borrow a weaponized “exploit,” apparently created by the US National Security Agency, to launch the attack in the first place.

Darien Huss, a 28-year-old research engineer who helped stop the malware’s spread, said he was “still worried for what’s to come in the next few days, because it really would not be so difficult for the actors behind this to re-release their code without a kill switch or with a better kill switch.

“Or we could potentially see copycats mimic the delivery or exploit method they used,” he said.

Now that the “WannaCry” malware is out there, computer systems are vulnerable unless people everywhere move quickly to install Microsoft’s security patches.

The worldwide effort to extort cash prompted Microsoft to quickly change its policy, announcing free security patches to fix the vulnerability in older Windows systems still in use.

Security officials in Britain urged organizations to protect themselves by installing the security fixes, running antivirus software and backing up data elsewhere. Experts say this vulnerability has been understood among experts for months, yet too many groups failed to take it seriously.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March.

Britain’s National Cyber Security Center said it could have been much worse if not for a 22-year-old Britain-based cyber security researcher.

The researcher, identified online as MalwareTech, said he spotted a hidden web address in the “WannaCry” code and made it official by registering its domain name. That inexpensive move redirected the attacks to the server of Kryptos Logic, the security company he works for. The server operates as a “sinkhole” to collect information about malware — and in Friday’s case kept the malware from escaping.

The Windows vulnerability in question was purportedly identified by the NSA for its own intelligence-gathering purposes. Intelligence officials wouldn’t comment on the authenticity of the claims. The tools appeared stolen by hackers, who dumped them on the Internet.



Copyright © 1999- Shanghai Daily. All rights reserved.Preferably viewed with Internet Explorer 8 or newer browsers.

沪公网安备 31010602000204号

Email this to your friend