Tens of thousands of computers in nearly 100 countries were infected, Britain's health system was disrupted and global shipper FedEx was impacted by a global cyber attack leveraging hacking tools believed to have been developed by the U.S. National Security Agency.
Malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files, were sent to users and then cyber extortionists tricked victims into opening such attachments.
Demanding payments of $300 to $600 to restore access, the ransomware encrypted data on the computers. Though they did not know what percent had given in to the extortionists, they observed some victims paying via the digital currency bitcoin, security researchers said.
they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets, said researchers with security software maker Avast.
Thanks in part to a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, limiting the worm's spread, some experts said the threat had receded for now.
"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Vikram Thakur, principal research manager at Symantec.
"The numbers are extremely low and coming down fast."
But the cycle can be restarted by attackers by tweaking the code. He had not seen any such tweaks yet, "but they will," said the British-based researcher who may have foiled the ransomware's spread.
Although the full extent of the damage is not yet known because it is the weekend, some hospitals, schools, universities and other institutions were affected in Asia.
"I believe many companies have not yet noticed," said William Saito, a cyber security adviser to Japan's government.
"Things could likely emerge on Monday."
Some secondary schools and universities had been affected, China's official Xinhua news agency said.
Dozens of cases of infection had been reported in Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said.
While a communications official in Indonesia said two hospitals there had been affected, South Korea’s Yonhap news agency reported a university hospital had been affected.
Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday, was the place where the most disruptive attacks were reported from.
Some of its Windows computers were also infected., said international shipper FedEx Corp. "We are implementing remediation steps as quickly as possible," it said in a statement.
Among many targets in Spain was telecommunications company Telefonica. They were also targeted, said both Portugal Telecom and Telefonica Argentina.
Thakur said that because the hackers appear to have begun the campaign by targeting organizations in Europe, only a small number of U.S.-headquartered organizations were hit. He added that spam filters had identified the new threat and flagged the ransomware-laden emails as malicious by the time they turned their attention to the United States.
(Source:www.reuters.com)
Malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files, were sent to users and then cyber extortionists tricked victims into opening such attachments.
Demanding payments of $300 to $600 to restore access, the ransomware encrypted data on the computers. Though they did not know what percent had given in to the extortionists, they observed some victims paying via the digital currency bitcoin, security researchers said.
they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets, said researchers with security software maker Avast.
Thanks in part to a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, limiting the worm's spread, some experts said the threat had receded for now.
"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain," said Vikram Thakur, principal research manager at Symantec.
"The numbers are extremely low and coming down fast."
But the cycle can be restarted by attackers by tweaking the code. He had not seen any such tweaks yet, "but they will," said the British-based researcher who may have foiled the ransomware's spread.
Although the full extent of the damage is not yet known because it is the weekend, some hospitals, schools, universities and other institutions were affected in Asia.
"I believe many companies have not yet noticed," said William Saito, a cyber security adviser to Japan's government.
"Things could likely emerge on Monday."
Some secondary schools and universities had been affected, China's official Xinhua news agency said.
Dozens of cases of infection had been reported in Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said.
While a communications official in Indonesia said two hospitals there had been affected, South Korea’s Yonhap news agency reported a university hospital had been affected.
Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday, was the place where the most disruptive attacks were reported from.
Some of its Windows computers were also infected., said international shipper FedEx Corp. "We are implementing remediation steps as quickly as possible," it said in a statement.
Among many targets in Spain was telecommunications company Telefonica. They were also targeted, said both Portugal Telecom and Telefonica Argentina.
Thakur said that because the hackers appear to have begun the campaign by targeting organizations in Europe, only a small number of U.S.-headquartered organizations were hit. He added that spam filters had identified the new threat and flagged the ransomware-laden emails as malicious by the time they turned their attention to the United States.
(Source:www.reuters.com)