According to CNN.com, hospitals, major companies, and government offices around the world were trying to recover from what experts are calling one of the biggest cyber attacks ever.
The victims, found in more than 150 countries all over the world, were hit by a virus that seeks to seize control of computers until a ransom is paid.
Experts said that even though the spread of the attacks apparently has been stymied, its full ramifications are not yet known because the virus may still be lurking on computers around the world. It remained unclear how many organizations had already lost control of their data to the malicious software, and researchers warned that copycat attacks could follow.
Security experts said the spread of the ransomware had been inadvertently stopped late Friday. The ransomware was designed to repeatedly contact an unregistered domain in its code. A 22-year-old security researcher in the U.K., who goes by MalwareTech, registered that domain to analyze the attack, but it turned out the ransomware needed it to remain unregistered to keep spreading. “Thus by registering it we inadvertently stopped any subsequent infections,” he told CNNTech. However, a hacker could change the code to remove the domain and try the ransomware attack again.
Europol said Saturday that the attack was of an “unprecedented level and requires international investigation.”
The U.K. government called an emergency meeting over the crisis and U.S. Treasury Secretary Steven Mnuchin, at a meeting of world leaders in Italy, said the attack was a reminder of the importance of cybersecurity. “It’s a big priority of mine that we protect the financial infrastructure,” he said.
The ransomware, called WannaCry, locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March.
But computers and networks that hadn’t updated their systems were still at risk. In the wake of the attack, Microsoft said it had taken the “highly unusual step” of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. But the patches won’t do any good for machines that have already been hit.
“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”
On Saturday, experts said it appeared that the ransomware had made just over $20,000, although they expected that number to pop when people went back into the office Monday.
WannaCry has already caused massive disruption around the globe.
Sixteen National Health Service organizations in the UK were hit, and some of those hospitals canceled outpatient appointments and told people to avoid emergency departments if possible. The NHS said in a statement on Saturday that there was no evidence that patient information had been compromised.
In China, the internet security company Qihoo360 issued a “red alert” saying that a large number of colleges and students in the country had been affected by the ransomware, which is also referred to as WannaCrypt. State media reported that digital payment systems at PetroChina gas stations were offline, forcing customers to pay cash. “Global internet security has reached a moment of emergency,” Qihoo360 warned.
Major global companies said they also came under attack. FedEx said Friday it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible. Two big telecom companies, Telefónica (TEF) of Spain and Megafon of Russia, were also hit.
“This is turning into the biggest cybersecurity incident I’ve ever seen,” U.K.-based security architect Kevin Beaumont said.
Russia’s Interior Ministry released a statement Friday acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected and that the virus was now “localized” and being destroyed.
The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally,” the department said.
According to David Brandley, founder of the online security firm Trust Guard, the recent cyber attacks are not surprising. “Over 85% of the websites we scan for just such vulnerabilities fail their first scan. This shows what I already knew, that many organizations do not apply updates in a timely fashion. That’s why they need Trust Guard!” Unfortunately, most online businesses don’t look to secure their websites from hackers until after they’ve been hacked. For some reason, they believe their site is bulletproof – even though all they’ve got going for them is an SSL certificate that doesn’t protect their website from hackers and their ransomware.
Trust Guard runs daily security scans for thousands of companies, then gives those companies reports so that they can fix their website’s vulnerabilities – like the patches needed for Microsoft products and services.
When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years and warned that businesses would be most at risk. Consumers who have up-to-date software are protected from this ransomware.
It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.
Donna Borak, Samuel Burke, Paul P. Murphy, Mariano Castillo, Jessica King, Yuli Yang, Steven Jiang, Clare Sebastian and Livvy Doherty contributed to this report.
Please view updated video (from almost 100 to over 150 countries) on the same page: http://money.cnn.com/2017/05/13/technology/ransomware-attack-nsa-microsoft/