Worldwide ransomware cyberattacks: what we know so far about WannaCry

The WannaCry ransomware locks access to files and, in an on-screen message, demands payment of $300 in the virtual currency Bitcoin in order to decrypt the files


Patients wait near a queue number dispenser affected by the “WannaCry” ransomware cyber attack at Dharmais Cancer Hospital in Jakarta on Monday. Photo: Dita Alangkara/AP
Patients wait near a queue number dispenser affected by the “WannaCry” ransomware cyber attack at Dharmais Cancer Hospital in Jakarta on Monday. Photo: Dita Alangkara/AP

London: Security agencies are hunting for those behind a crippling cyber attack which has so far hit hundreds of thousands of computers worldwide, including at government agencies, factories and health services.

Here is what we know so far about the cyber ransom attacks.

The cyber attacks started on Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system, an older version that is no longer given mainstream tech support by the US giant.

The so-called WannaCry ransomware locks access to user files and, in an on-screen message, demands payment of $300 (€275 ) in the virtual currency Bitcoin in order to decrypt the files.

Victims have been advised by security experts not to pay up.

The attack is unique, according to policing agency Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

Europol chief Rob Wainwright said computer systems in more than 150 countries were hit, with the majority of organisations affected over the weekend in Europe.

But as Asia woke up to the working week on Monday, leading Chinese security-software provider Qihoo 360 said “hundreds of thousands” of computers in the country were hit at nearly 30,000 institutions including government agencies.

In Japan, a spokesman for Hitachi said the conglomerate discovered problems on Monday morning and its computer networks were “unstable”.

Other high-profile victims include hospitals in Britain, Spanish telecom giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia’s interior ministry and the German rail operator Deutsche Bahn.

Brad Smith, Microsoft’s president and chief legal officer, said in a blog post on Sunday that the culprits used a code developed by the US National Security Agency.

It was leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

Smith warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers—not sell, store or exploit them, lest they fall into the wrong hands.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” Smith wrote.

“The governments of the world should treat this attack as a wake up call.”

Europol said on Monday it was continuing to hunt for the culprits behind the unprecedented attack.

The agency’s senior spokesman Jan Op Gen Oorth said it was still “a bit early too say who is behind it, but we are working on a decrypting tool”.

Experts think it unlikely to have been one person, with cyber crime syndicates nowadays going underground and using ever more sophisticated encryption to hide their activities.

Microsoft took the unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system.

Kaspersky said it was seeking to develop a decryption tool “as soon as possible”.

Europol said European companies and governments had heeded warnings and as a result avoided further fallout from the ransomware.

“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates,” Jan Op Gen Oorth said.

More From Livemint