A day after a massive ransomeware attack hit nearly 100 countries, including India, terrifying details were slowly emerging on Saturday as computers from hospitals in Britain to police stations in Andhra Pradesh were hacked into, keeping cyber security experts on tenterhooks.
In India, a section of computers at Andhra Pradesh’s police departments were hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhatpatnam and Srikakulam districts were affected.
According to Director General of Police N. Sambasiva Rao, systems using the Windows operating system were hit by the cyber attack. The police chief’s computer with Apple’s operating system was safe.
R. Jaya Lakshmi, Superintendent of Police, Tirupati Urban, said the ‘ransomware’ encrypted data in some police stations, adding that they were not able to access data and hackers were demanding ransom in digital currency bitcoin to restore access.
Also see: Wikileaks Vault 7: Why India should be worried about CIA’s hacking tools on the loose
“The impact is minimal as we also keep offline record of FIRs and other documents,” Lakshmi added.
Among the government agencies and companies affected globally were Britain’s National Health Service (NHS), the Russian Interior Ministry, Spain’s communications giant Telefonica, power firm Iberdrola, utility provider Gas Natural and FedEx in the US.
According to media reports, teams were working round the clock in response to the attack, which resulted in operations being cancelled, ambulances being diverted and documents such as patient records made unavailable in England and Scotland.
After denying reports that its computers had been targeted, the Russian Interior Ministry later confirmed that “around 1,000 computers were infected”. The ministry said the technicians had contained the attack.
Also see: There are lakhs of cybersecurity jobs waiting. And they need more than just experts
Moscow-based Kaspersky Lab detected that variants of a malware called “WannaCry” were used that encrypted the files.
“Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet — and the ransom demand increases over time,” Altaf Halde, Managing Director Kaspersky Lab (South Asia), told IANS.
Kaspersky Lab confirmed that the company’s protection subsystems detected at least 45,000 infection attempts in 74 countries, mostly in Russia.
“This is big and set to get bigger. We haven’t seen anything like this since Conficker in 2008,” Amit Nath, Head of Asia Pacific-Corporate Business at cyber security firm F-Secure Corporation, told IANS.
Also see: This small step by the government can be a giant step in boosting the cybersecurity of Indian users
Another cybersecurity firm Avast said it had seen 75,000 cases of the ransomware around the world.
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Rail passengers in Germany were confronted with the ransom message when looking up train information at stations after Berlin-based railway company Deutsche Bahn was targeted.
Carmaker Renault was France’s first company to be affected by the ransomware while Portugal Telecom and a local authority in Sweden also faced a similar fate.
The ransomware infects victims by exploiting a Microsoft Windows vulnerability described and fixed in “Microsoft Security Bulletin MS17-010”.
Microsoft also said it would roll out the update to users of older operating systems “that no longer receive mainstream support”, such as Windows XP, Windows 8 and Windows Server 2003.
The seeds of the massive cyber attack were sown by a mysterious hacking group “Shadow Brokers” in April when it leaked a hacking tool called “Eternal Blue” developed by the US National Security Agency (NSA).
Also see: Dream Digital India? Let’s secure our banking from cyberattacks first
Interestingly, the same tool is believed to have been used by another anonymous hacking group to gain remote access to computers, that brought parts of the NHS to a standstill.
“It’s likely that regular online criminals simply used the information that the ‘Shadow Brokers’ put on the internet and thought ‘how can we monetise this’,” telegraph.co.uk quoted Graham Cluley, a computer security expert, as saying on Saturday.
The attack was the latest in the growing menace of ransomware in which hackers deliver files to computers that automatically encrypt their data, making it unusable until a ransom is paid.
“This is not targeted at the NHS,” British Prime Minister Theresa May was quoted as saying in BBC. “It’s an international attack, and a number of countries and organisations have been affected.”
Also see: An ace hacker tells you how cybersecurity is changing
Hacking group or groups were yet to claim responsibility for the attack.
The Chinese online security company Qihoo 360 issued a warning about the virus, saying that many networks there had been hit and that some computers used to mine Bitcoin in China were among those infected.
The US Department of Homeland Security, in a statement, encouraged people to update their operating systems, CNN reported.
“We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally,” the department said.
Meanwhile, the Group of Seven (G7) nations, which were holding a two-day meeting (May 12-13) of Finance Ministers and central bankers in Italy, released a draft statement committing to join forces to fight the rising threat of cyber attacks.