More disruptions feared from worldwide ransomware cyber attack

A computer virus struck worldwide over the weekend, taking control of users' files and demanding €274 in payments to restore access

15 May 2017, 8:34am
The virus locked up more than 200,000 computers in more than 150 countries
The virus locked up more than 200,000 computers in more than 150 countries
Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware virus that disrupted operations at car factories, hospitals, shops and schools, locking up more than 200,000 computers in more than 150 countries and demanding $300 (€274.21) in payments to restore access.

Cyber security experts said the spread of the worm dubbed had slowed but that the respite might only be brief amid fears new versions of the worm will strike.

"Expect to hear a lot more about this tomorrow [Monday] morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, Christian Karam, a Singapore-based security researcher, said. 

On Sunday, Microsoft pinned blame on the US government for not disclosing more software vulnerabilities, and said that governments around the world should treat the attack as a “wake-up call”.

In a blog post on Sunday, Microsoft president Brad Smith appeared to acknowledge that the ransomware attack leveraged a hacking tool, built by the US National Security Agency, that leaked online in April.

"This is an emerging pattern in 2017," Smith wrote. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

The non-profit US Cyber Consequences Unit research institute estimated that total losses from the attack would range in the hundreds of millions of dollars, but not exceed $1 billion.

Most victims were quickly able to recover infected systems with backups, the group's chief economist, Scott Borg, said.

The effect in Asian nations so far on Monday has been limited. South Korea said just nine cases of ransomware had been found, giving no further details.

Australian officials said so far only three small-to-medium sized businesses had reported being locked out of their systems while New Zealand's ministry of business said a small number of unconfirmed incidents were being investigated.

In Japan, both Nissan and Hitachi reported some units had been affected, while in China energy giant PetroChina said that at some petrol stations customers had been unable to use its payment system.

Renault said it halted manufacturing at plants in France and Romania to prevent the spread of ransomware. 

Other victims include is a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and international shipper FedEx Corp.