By CGTN America
A cyber-attack using a ransomware called WannaCry appears to have infected tens of thousands of computers worldwide. In as many as 74 countries, including the UK, US, China, Russia, Spain, and Italy, users have been locked out by a program that demands 300 US dollars in Bitcoin per computer.
Screenshot of Wannacry notice. /Avast Photo
The attack appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet.
How it works
According to Jakub Kroustek of the computer security firm Avast, “The ransomware changes the affected file extension names to '.WNCRY', so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the 'WANACRY!' string at the beginning of the file.”
In addition, Kroustek states the ransomware makes the following changes on infected computers:
Ransom Note - A simple text file is installed with instructions for paying the ransom.
Wana Decrypt0r 2.0 - A program is installed on the host computer with instructions on how to pay the ransom with Bitcoin, an explanation of what happened, and a countdown timer.
Wallpaper - the victim’s wallpaper is also changed to the following image, which repeats instructions on how to pay the ransom.
Screenshot of wallpaper after computer is attacked. /Avast Photo
Who it attacks
The attack hit Britain’s health service, forcing affected hospitals to close wards and emergency rooms.
Hospitals in areas across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.
The website of the NHS: East and North Hertfordshire notifying users of a problem in its network, in London on May 12, 2017. /CFP Photo
British Prime Minister Theresa May said there was no evidence that patient data had been compromised in the attack, and that it had not specifically targeted the National Health Service (NHS).
“It’s an international attack and a number of countries and organizations have been affected,” she said.
Alan Woodward, visiting professor of computing at the University of Surrey, said there was evidence the ransomware was spreading using a Microsoft flaw exposed in a recent leak of information from US intelligence agencies.
He said the affected computers likely had not applied the Microsoft patch or were running old operating systems for which no patch was available.
NHS Digital said the attack “was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” It initially said 16 NHS organizations had reported being hit, and more reports came in as the day went on.
The National Cyber Security Center, part of Britain’s GCHQ electronic intelligence agency, said it was working with police and the health system to investigate the attack.
Reports are also coming from Spain that telecom Telefonica is experiencing the same type of ransom screen pointing to the same bitcoin address.
Spain's National Center for the Protection of Critical Infrastructure said Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack.
A screenshot posted by a Chinese student showing that the computer was also locked by the same program. /People's Daily
Meanwhile, many Chinese universities announced they had been attacked by the ransomware program. Students whose computer connects to the campus network have had their graduation dissertations locked, and were told they could only be decoded if they paid a high ransom.
Among those institutions affected were Dalian Maritime University and universities in south China’s Guangxi Zhuang Autonomous Region including Guilin University of Electronic Technology, Guilin College of Aerospace Technology and Hezhou College.
