The Wanna Cry ransomware attack - one of the largest ever cyber attacks - appeared to be slowing around 24 hours after it wrecked havoc and shut down tens of thousands of computer systems across 104 countries. The slow down happened soon after 'MalwareTech', a Britain-based security researcher, accidentally discovered a 'kill switch' to halt the W ...ymakarius
The Wanna Cry ransomware attack - one of the largest ever cyber attacks - appeared to be slowing around 24 hours after it wrecked havoc and shut down tens of thousands of computer systems across 104 countries.
The slow down happened soon after 'MalwareTech', a Britain-based security researcher, accidentally discovered a 'kill switch' to halt the Wanna Cry attack. Experts, however, warned that enterprising hackers could circumvent MalwareTech's fix.Â
Over 200,000 systems around the world were affected in the Wanna Cry attack, a tracker developed by a security researcher called 'MalwareTech' showed. Czech Republic-based anti-virus provider Avast, however, gave a more conservative estimate of around 126,000 systems being affected, news agency Reuters reported.
India was among the countries worst affected by the Wanna Cry attack, data shared by Kaspersky, a Russian anti-virus company, showed. According to initial calculations performed soon after the malware struck on Friday night, around five per cent of all computers affected in the attack were in India.
Mikko Hypponen, chief research officer at a Helsinki-based cyber security company called F-Secure, told news agency AFP that the it was the biggest ransomware outbreak in history and estimated that 130,000 systems in more than 100 countries had been affected.
Hypponen added that Russia and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used in the countries.
News agency IANS reported that police computers across 18 units in Andhra Pradesh's Chittoor, Krishna, Guntur, Visakhatpatnam and Srikakulam districts were affected. However, apart from that, there was no immediate information on the extent of the ransomware's hold on Indian systems.
OFFICIAL: NO CAUSE FOR CONCERN
However, India's top cyber security official indicated there was no need for concern.
National Cyber Security Advisor Gulshan Rai, who works out of the Prime Minister's Office, said, "There are about a 100 systems attacked in India and as of now there are no more threats," according to a Times of India report published late Saturday night.
"We understand systems in Andhra Pradesh are impacted, but so far our assessment is that there isn't much impact," Rai said in another report. Rai went on to add that a better understanding of the ransomware's effect in India would only happen on Monday after offices open.
RUSSIA WORST HIT, UK NHS CLAMBERS BACK ON FEET
Russia was the worst affected with Avast telling Reuters that 60 per cent of all infected computers were located in that country. Reports from Saturday morning also indicated that hundreds of computers at the Russian interior ministry. Â
However, it was Britain where the Wanna Cry cyber attack caused the worst disruptions. The ransomware took down hospitals across the United Kingdom causing them to lose access to patient data. Hospitals and clinics were forced to turn away patients, including those suffering from serious ailments.
As of Saturday night, all but six of the 48 National Health Service trusts, some of which oversee several hospitals, were back to normal, news agency Associated Press reported. British Prime Minster Theresa May had earlier said that the NHS wasn't deliberately targeted and that computer systems at Britain's hospitals were swept up in what was an international attack.
Message displayed by the Wanna Cry ransomware
US INTELLIGENCE CRITICISED
Wanna Cry, researchers say, uses an exploit first developed by the United States National Security Agency. The exploit called EternalBlue was first made public last month after a group of hackers called Shadow Brokers released data and hacking tools purportedly belonging to the NSA.
NSA is the US's premier signals intelligence agency that has for long been associated with both offensive as well as defensive cyber capabilities.
The attack fueled concerns that the international intelligence community, especially the US's NSA, often does not make public information about vulnerabilities in technology products so that such vulnerabilities can be used by the agencies for offensive purposes.
Former NSA contractor and ardent cyber security expert Edward Snowden said, "Despite warnings, (NSA) built dangerous attack tools that could target Western software," Snowden said. "Today we see the cost".
"If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," he also said in a series of tweets.
He also indirectly blamed the NSA for the cyber attack, saying the agency's actions had allowed low-skill criminals to launch "government-scale attacks."
"Low-sophistication attackers are often unable to independently develop exploits, lacking the skill and resources to even reverse patches", Snowden said, adding, ".@NSAGov's choices risked permitting low-skill criminals launch government-scale attacks, and then it happened. There's no waving that away".
MICROSOFT RELEASES PATCH
Microsoft on Saturday took the unusual step of releasing free software patches for older, unsupported Windows systems like the XP.
The US tech company had already developed a patch for the EternalBlue exploit and had released it as part of an optional security upgrade for Windows users a few weeks before EternalBLue's existence was made public.
However, it is likely several computers, most likely included ones affected in the Wanna Cry ransomware attack, failed to upgrade to the new patch level. Also, the patch was not offered for Windows XP, a version of the operation system that is no longer supported by Microsoft.
However, that changed on Saturday with Microsoft releasing security fixes available for free for the older Windows systems as well. Notably, a Kaspersky report from last October had warned that most ATMs in India were at risk since they used Windows XP.
On Friday, media reports started highlighting that a ransomware attack had brought down computer systems in UK hospitals. It soon emerged that the attack was global with reports of affected computers coming in from all over the globe.
The ransomware - Wanna Cry - infected computers and encrypted all the data stored on the hard drives. In lieu of decrypting the data, Wanna Cry demanded payment ranging between $300 (around Rs 19,000) to $600 (around Rs 39,000) in bitcoin.
As of Saturday, no hacker or hacker group had come forward to claim responsibility for the cyber attack, which used an exploit first developed by the US NSA. The European Cybercrime Centre said, "The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits.
Some experts said the threat had receded as of Sunday, in part because MalwareTech registered a domain that he noticed the malware was trying to connect to, limiting Wanna Cry's spread. Microsoft also issued emergency security patches for a range of Windows versions.
The Indian Computer Emergency Response Team (ICERT or CERT-In) was said to be monitoring the situation continuously. Earlier on Saturday CERT-In was reported to have issued an adivsory asking computer users in India to upgrade their systems to the latest Windows patch level.
In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.
In Russia, government agencies insisted that all attacks had been resolved. Russian Interior Ministry, which runs the national police, said the problem had been "localized" with no information compromised. Russia's health ministry said its attacks were "effectively repelled."
Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.
French carmaker Renault's assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.
Elsewhere in Europe, the attack hit Spain's Telefonica, a global broadband and telecommunications company, and knocked ticketing offline for Norway's IF Odd, a 132-year-old soccer club.
"I believe many companies have not yet noticed," said William Saito, a cyber security adviser to Japan's government. "Things could likely emerge on Monday" as staff return to work.
China's information security watchdog said "a portion" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Xinhua state news agency said some secondary schools and universities were hit.
(Story has been updated to add Mikko Hypponen's quotes)
(With inputs from agencies)
diambil dari: indiatoday