    From UK to India, massive ransomware attack creates havoc

    A day after a massive ransomware attack hit nearly 100 countries, including India, terrifying details were slowly emerging on Saturday as computers from hospitals in Britain to police stations in Andhra Pradesh were hacked into, keeping cyber security experts on tenterhooks.

    New Delhi

    In India, a section of computers of the police departments in Andhra Pradesh were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.

    According to Director General of Police N Sambasiva Rao, systems using the Windows operating system were hit by the cyber-attack. However, the police chief's computer with Apple's iOS operating system was safe.

    R. Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the 'ransomware' encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in digital currency bitcoin to restore access.

    "The impact is minimal as we also keep offline record of FIRs and other documents," Lakshmi added.

    Among the government agencies and companies affected globally were Britain's National Health Service (NHS), the Russian Interior Ministry, Spain's communications giant Telefonica, power firm Iberdrola, utility provider Gas Natural and FedEx in the US.

    According to media reports, teams were working around the clock in response to the attack, which resulted in operations being cancelled, ambulances being diverted and documents such as patient records made unavailable in England and Scotland.

    After denying reports that its computers had been targeted, the Russian Interior Ministry later confirmed that "around 1,000 computers were infected". The ministry said the technicians had contained the attack.

    Moscow-based Kaspersky Lab detected that variants of a malware called "WannaCry" were used that encrypted the files.

    "Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet -- and the ransom demand increases over time," Altaf Halde, Managing Director Kaspersky Lab (South Asia), said.

    Kaspersky Lab confirmed that the company's protection subsystems detected at least 45,000 infection attempts in 74 countries, mostly in Russia.

    "This is big and set to get bigger. We haven't seen anything like this since Conficker in 2008," Amit Nath, Head of Asia Pacific-Corporate Business at cyber security firm F-Secure Corporation, said.

    Another cybersecurity firm, Avast, said it had seen 75,000 cases of the ransomware around the world.

    Europol also warned a "complex international investigation" was required "to identify the culprits".

    Rail passengers in Germany were confronted with the ransom message when looking up train information at stations after Berlin-based railway company Deutsche Bahn was targeted.

    Carmaker Renault was France's first company to be affected by the ransomware while Portugal Telecom and a local authority in Sweden also faced a similar fate.

    The ransomware infects victims by exploiting a Microsoft Windows vulnerability described and fixed in "Microsoft Security Bulletin MS17-010".

    Microsoft also said it would roll out the update to users of older operating systems "that no longer receive mainstream support", such as Windows XP, Windows 8 and Windows Server 2003.

    The seeds of the massive cyber-attack were sown by a mysterious hacking group "Shadow Brokers" in April when it leaked a hacking tool called "Eternal Blue" developed by the US National Security Agency (NSA).

    Interestingly, the same tool is believed to have been used by another anonymous hacking group to gain remote access to computers, which brought parts of the NHS to a standstill.

    "It's likely that regular online criminals simply used the information that the 'Shadow Brokers' put on the internet and thought 'how can we monetise this'," telegraph.co.uk quoted Graham Cluley, a computer security expert, as saying on Saturday.

    The attack was the latest in the growing menace of ransomware in which hackers deliver files to computers that automatically encrypt their data, making it unusable until a ransom is paid.

    "This is not targeted at the NHS," British Prime Minister Theresa May was quoted as saying by the BBC. "It's an international attack, and a number of countries and organisations have been affected."
