Dozens of countries hit by huge cyber attack


May 13, 2017 at 12:00a.m.

Associated Press

NEW YORK

Dozens of countries were hit with a huge cyber- extortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

It was believed to the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software in upward of 60 countries, including the United States, though its effects in the U.S. did not appear to be widespread, at least in the initial hours.

Computers were infected with what is known as “ransomware” – software that freezes up a machine and flashes a message demanding payment to release the user’s data.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history.”

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.