A massive spate of ransomware attacks spread across the globe on Friday evening, with reports of infections in nearly 100 countries.
Researchers at online security firm Avast said at least 75,000 computer systems had been infected by the WannaCry worm worldwide, with countries such as Russia, Ukraine and Taiwan among the worst hit.
Hospitals in the UK were forced to turn patients away after their IT systems were brought down by the malware, while big firms including Spain’s Telefonica and Portugal Telecom were also affected.
Renault said it was forced to shut down production at a number of its plants in France after its networks were infected with the virus.
The hackers behind the ransomware are thought to have used tools stolen from the US National Security Agency (NSA) in their attacks, which spread rapidly throughput Europe yesterday.
By the time the cyber criminals distributing the malware turned their attention to the US, online security firms had identified various WannaCry strains and blocked emails infected with the virus.
The malware used in the attack, which is thought to be the largest of its type on record, locks computers running Microsoft’s popular Windows operating system and demands $300 (€274) in virtual currency Bitcoin to decrypt files.
Warning owners of infected devices not to bother searching for ways in which to unlock their files, the program threatens to wipe their hard drives if the ransom is not paid.
Online security experts said the hackers behind the attack were most likely cyber criminals looking to make money rather than politically-motivated state sponsored actors.
In a statement, Microsoft said: “Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources…
“We are working with customers to provide additional assistance as this situation evolves.”
The software giant said it would roll out a new update to protect companies running older systems, such as Windows XP, from the malware.
It was reported on Saturday morning that a UK security researcher blogging as @malwaretechblog had accidentally stumbled across a “kill switch” which had for the moment halted the spread of the malware.
The switch had been coded into the virus in case its creator wanted to stop its spread at any point.
While the discovery of the switch came too late to save organisations in Europe and Asia, it gave the US more time to develop immunity to the ransomware.
In statement responding to the malware’s rapid spread, Europol said: “The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits.
“The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation.”
