Worldwide ransomware attacks: What we know

Security agencies are hunting for those behind a crippling cyber attack which has so far hit hundreds of thousands of computers worldwide, including at government agencies, factories and health services.

Here is what we know so far about the cyber ransom attacks:

– What happened? –
The cyberattacks started Friday and spread rapidly around the globe using a security flaw in Microsoft’s Windows XP operating system, an older version that is no longer given mainstream tech support by the US giant.

The so-called WannaCry ransomware locks access to user files and in an on-screen message demands payment of $300 (275 euros) in the virtual currency Bitcoin in order to decrypt the files.

Victims have been advised by security experts not to pay up.

The attack is unique, according to policing agency Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

– Who has been affected? –
Europol chief Rob Wainwright said computer systems in more than 150 countries were hit, with the majority of organisations affected over the weekend in Europe.

But as Asia woke up to the working week on Monday, leading Chinese security-software provider Qihoo 360 said “hundreds of thousands” of computers in the country were hit at nearly 30,000 institutions including government agencies.

In Japan, a spokesman for Hitachi said the conglomerate discovered problems on Monday morning and its computer networks were “unstable”.

Other high-profile victims include hospitals in Britain, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia’s interior ministry and the German rail operator Deutsche Bahn.

– Where did the malware come from? –
Brad Smith, Microsoft’s president and chief legal officer, said in a blog post Sunday that the culprits used a code developed by the US National Security Agency.

It was leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

Smith warned governments against stockpiling such vulnerabilities and said instead they should report them to manufacturers — not sell, store or exploit them, lest they fall into the wrong hands.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen,” Smith wrote.

“The governments of the world should treat this attack as a wake up call.”

– Who was behind the attack? –
Europol said on Monday it was continuing to hunt for the culprits behind the unprecedented attack.

The agency’s senior spokesman Jan Op Gen Oorth said it was still “a bit early too say who is behind it, but we are working on a decrypting tool”.

Experts think it unlikely to have been one person, with criminally minded cyber crime syndicates nowadays going underground and using ever more sophisticated encryption to hide their activities.

– How can people protect their computers? –
Microsoft took the unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system.

Kaspersky said it was seeking to develop a decryption tool “as soon as possible”.

Europol said European companies and governments had heeded warnings and as a result avoided further fallout from the ransomware.

“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates,” Jan Op Gen Oorth told AFP.