Disruptions from global cyberattack continue to ripple worldwide

Evidence of the cyberattack that hit up to 100 countries continued to ripple around the world Saturday with reports of Chinese students unable to access their graduation theses, British doctors canceling operations and passengers at train stations in Germany greeted by hacked messages on arrival and departure screens.

Individuals and organizations around the world were scrambling after the international attack, which began Friday and spread like wildfire, to limit the damage or put in place preventive measures.

The attack was a form of ransomware that locks up computer systems and prevents access to data or systems until a payment is made.

It hit Britain’s beloved but creaky National Health Service particularly hard, causing widespread disruptions and interrupting medical procedures across hospitals in England and Scotland. Thousands of operations, as well as routine weekend appointments, were canceled.

During the attack on Britain’s NHS system, computer screens were locked by the malware that prompted the user to pay $300 in bitcoins or risk having their files erased.

Similar messages — written in local languages — popped up on screens across Europe.

In Germany, people posted pictures on social media of scheduling screens at train stations displaying the ransomware message. Deutsche Bahn, Germany’s national railway service, tweeted that its train service had not been compromised and that it was working full speed to solve the problems. According to DPA news agency, Deutsche Bahn’s video surveillance has also been hit.

Other targets in Europe included Telefónica, the Spanish telecom giant and a local authority in Sweden, which said about 70 computers were infected. Odd, a Norwegian football club, said that its online ticketing system was hit by the bug.

On Saturday, it was still unclear who was behind the sophisticated attack, which spread rapidly via email.

“We’re not able to tell you who is behind that attack. That work is still ongoing,” Amber Rudd, Britain’s home secretary told the BBC. She said that it has affected “up to 100 countries” and that it wasn’t specifically targeted at Britain’s NHS.

TMT post, a Chinese online news outlet focusing on the Internet industry, reported that a number of Chinese universities had been affected by the attack.

Several schools — including Nanchang University, Shandong University and University of Electronic Science and Technology of China — issued alerts on their Weibo social media feeds warning faculties and students to backup important files and not to open suspicious emails.

According to Chinese magazine Caijing, some students’ graduation theses and projects have reportedly been encrypted.

In Russia, hacking attacks had been confirmed Saturday at the country’s Interior Ministry, which manages the police force, the Ministry of Health, the state-run Russian Railways and the telecommunications company Megafon. There were also reports that the powerful Investigative Committee, which investigates high-level crime, and several other telecommunications companies had been targeted.

The Interior Ministry said that 1,000 of its computers had been blocked by prompts demanding payment. By Friday evening, the ministry said it had “contained” the attack and denied that any of its information had been stolen.

Jakub Kroustek, a malware researcher with Avast, a security software company in the Czech Republic, said in a blog post that Russia was the most affected country so far. “We are now seeing more 75,000 detections of WanaCrypt0r 2.0 in 99 countries,” he wrote Friday night.

Kaspersky Lab, a Moscow-based Internet security firm, also said that the attacks were mostly in Russia.

One reason Russia may have been so hard hit is the use of outdated software by government agencies.

“Russia has a very rickety, out-of-date infrastructure, using not just outdated software but pirated, out-of-date software,” said Mark Galeotti, a senior researcher at the Institute of International Relations Prague. According to Galeotti, one Interior Ministry official in 2013 estimated that 40 percent of the ministry’s computers could be using pirated Windows software, which is widely available in Russia for download or at local computer markets.

The bug, called Wanna Decrypt0r 2.0 — also known by names including WCry, WannaCry and WanaCrypt0r 2.0 — exploits a flaw that was identified in a stolen National Security Agency document.

Microsoft released a patch to fix the problem in March, but computer systems that did not install the update remain vulnerable.

In Britain, which is in the middle of an election campaign, the cyberattack triggered criticism about the NHS’s aging computer systems. The vast majority of computers in the NHS reportedly use Windows XP, which doesn’t have the same level of defense against cyberattacks as newer operating systems.

The opposition Labour Party’s Jonathan Ashworth tweeted that the government had been complacent over cybersecurity. “We need answers on whether funding squeeze compromised security,” he wrote.

Rudd, the home secretary, stressed that there was no evidence that patient data had been compromised but said that there were lessons to learn.

She told the BBC that Windows XP was “not a good platform for keeping your data as secure as the modern ones because you can’t download the effective patches and anti-virus software.”

“I would expect NHS trusts to learn from this and to make sure that they do upgrade,” she said.

Source: The Washington Post