Europol is investigating an “unprecedented” global cyber attack that tricked victims into opening malware attachments in spam emails.
Computers in almost 100 countries have been infected by the attack.
The UK health system is among the organisations thrown into chaos.
French carmaker Renault says it has halted production at some sites because of the attack.
What is Europol doing?
#BREAKING Global cyberattack is of “unprecedented level”: Europol (AFP news agency, @AFP, 13 May 2017)
The organisation has been asked to investigate the cyber attack by some EU member states.
Spokesperson Jan Op Gen Oorth told Euronews: “The European Cybercrime Centre, EC3, at Europol is working closely with affected countries’ cybercrime units and key industry partners to mitigate the threat and assist victims.”
“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits.”
“The Joint Cybercrime Action Taskforce (JCAT) at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation.”
“For further information on Ransomware, how to protect your data devices, what to do when infected with ransomware and access to unlocking tools please visit https://www.nomoreransom.org/, a free online resource developed by Europol, Dutch police and industry partners.”
Hackers tricked victims into opening malware attachments in spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on computers.
Researchers say there were 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.
The hackers, who have neither come forward to claim responsibility nor been identified, are thought to have made a “worm”, or self-spreading malware, by exploiting a piece of NSA code known as “Eternal Blue”.
Researchers say this was released last month by a group known as the Shadow Brokers.
“Eternal Blue” is part of a trove of hacking tools they said belonged to the US agency.
Which country is the worst affected?
The most disruptive attacks were reported in the UK. Hospitals and clinics were forced to turn patients away after losing access to computer networks.
Britain: Cyber security teams working “round the clock” to restore hospital systems hit by global cyberattack. https://t.co/5OnUcM3TWF (The Associated Press, @AP, 13 May 2017)
Experts say the hackers appear to have begun the campaign by targeting organisations in Europe.
Telecommunications giant Telefonica was among many targets in Spain. The company said the attack was limited to some computers on an internal network and clients and services have not been affected.
Telefónica statement on cybersecurity incident https://t.co/4WdjICfz0P (Telefónica, @Telefonica, 12 May 2017)
Portugal Telecom and Telefonica Argentina both say they were also targeted.
Russia’s interior and emergencies ministries, as well as the country’s biggest bank, Sberbank, say they were affected.
On its website, the interior ministry says around 1,000 computers have been infected but the virus has been localised.
The emergencies ministry told Russian news agencies it has repelled the cyberattacks. Sberbank says its cyber security systems have prevented the virus from gaining access.
#BREAKING Renault says production halted at French sites after cyberattack (AFP news agency, @AFP, 13 May 2017)
French carmaker Renault said on Saturday it has been affected by the WannaCry cyber attack.
The company says production has been halted at some sites as a result.
Do they know what software was used?
Yes. Private security firms have identified the ransomware as a new variant of “WannaCry”. The malware can spread automatically across large networks by exploiting a known bug in Microsoft’s Windows operating system.
On Friday, Microsoft said it is pushing out automatic Windows updates to defend clients from WannaCry.
“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement.
Have there been any demands?
Yes. Payments of $300 to $600 were demanded to restore access.
Security researchers said they observed some victims paying via the digital currency Bitcoin.
What they are saying
“This is one of the largest global ransomware attacks the cyber community has ever seen,” – Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.
“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” – Adam Meyers, a researcher with cyber security firm CrowdStrike.
“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” – Chris Wysopal, chief technology officer with cyber security firm Veracode.