MS Risk Blog

Ransomware Global Attack is Largest in History


Experts are describing a global ransomware attack that occurred this month as “the biggest ransomware outbreak in history,” adding that Russia appears to be the hardest hit.

According to some experts, up to 99 countries may have been affected by the ransomware cyberattack that struck the NHS health service in the United Kingdom. It is believed to be the biggest attack of its kind ever recorded.

Russia appears to be the hardest hit nation, with its interior and emergencies ministries and biggest bank, Sberbank, reporting that they were targeted. Russia’s Interior Ministry said that around 1,000 computers had been infected, adding, however, that it had localized the virus. According to researchers from the Kaspersky Lab, Spain, India and Ukraine were also severely affected, with the group stating that the malware struck at least 74 countries. Researchers with security software maker Avast, however, have reported that they had observed 57,000 infections in 99 countries, citing Taiwan amongst the top targets. In the United States, the effect of the hack did not appear to be widespread, at least initially.

Hacking group Shadow Brokers reportedly released the malware last month, after claiming to have discovered the flaw from the US National Security Agency (NSA).

Experts have indicated that criminal organizations were probably behind the attack, given how quickly the malware spread. Ransomware is malicious software that infects machines, locks them by encrypting data and then attempts to extort money to let users back in. The software used in the latest attacks is called WannaCry, or Wanna Decryptor, and exploits a vulnerability in the Windows operating system. The vulnerability effectively allows the malware to spread automatically across networks, so that it can quickly infect large numbers of machines at the same organization. Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files. The ransomware then encrypted data on the computers, demanding payments of US $300 to US $600 to restore access. Security researchers have indicated that they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.