Hospitals, government offices, and high-profile organizations are still reeling today after what cyber experts are calling one of the largest cyber attacks ever. This virus, identified as ransomware, seizes control of the user’s computer until a ransom has been paid. The user is given six hours to pay the $300 ransom, with the price increasing every three hours after that.
While it remains unclear exactly how many have been affected, the estimate has already reached more than 75,000 computers in over 150 countries worldwide. The vast majority of these ransomware attacks targeted Russia, but the effects were felt as far as the United States, Taiwan, and Ukraine. A major telecommunications enterprise in Spain reported a freeze on its entire network, as its ransom climbed to almost $550,000.
Who’s at Risk?
The latest in a recent string of cyber attacks was first discovered May 12 and has been linked to vulnerabilities in Windows. Aptly named ‘WannaCry,’ the ransomware targeted Windows XP, Windows 8, and Windows Server 2003 customers who had not yet installed the security update released by Microsoft in March. The National Security Agency (NSA) has received much criticism over the last week, with many blaming its handling of the ‘cyber weapon’ theft last month for the attack. In April, the group called ‘Shadow Brokers’ claimed responsibility for the piracy, but many feel the threat wasn’t taken seriously by the NSA.
While the attack was initially revealed on the 12th, analysts indicate the ransomware was likely spreading for several weeks, lying dormant, waiting for the kill switch to be pulled. This exceptionally well-written code makes it virtually impossible to unlock encrypted files once they’ve been infected.
In the United Kingdom, outpatient appointments for sixteen National Health Service facilities were canceled and patients were advised to steer clear of emergency rooms if at all possible. China reported PetroChina gas stations were also experiencing difficulties, forcing consumers to pay cash for goods and services. Both countries have reported no evidence of personal information being compromised.
With Russia at the center of a large portion of the attacks, cyber experts indicate that the attack may have originated in Russia. Evidence points to the hacking of an extensive Russian email database as the likely source.
The ransomware was discovered by a British security researcher, who goes by the name MalwareTech. It was configured to continually contact an unregistered domain that was built into its code. During his analysis of the attack, MalwareTech registered the domain, which, unbeknownst to him, was what was necessary to stop the ransomware from spreading any further.
While Microsoft customers were the target of this attack, all software users are urged to update their operating systems immediately. Windows users who haven’t installed the update Microsoft released in March can prevent an attack on their system by doing so now. Unfortunately, the update won’t help those who have already been targeted in this recent attack. Laptop users should use extreme caution when using public Wi-Fi connections, as the ransomware is equipped with a ‘hunter module,’ which helps spread the virus to anyone on the shared network.
Recent studies reveal that cyber attacks are on the rise, showing no signs of slowing down in the near future. A published FBI report indicates an average of 4,000 ransomware attacks occurred each day in 2016, with an attack on U.S. enterprises occurring once every forty seconds. Businesses and individual users are urged to keep their firewalls up to date and configure them to block any malicious IP addresses. Anti-virus and anti-malware programs should also be configured to automatically perform regular scans.