Nearly a hundred countries, including India, were hit by what is believed to be the biggest cyber attack ever recorded, which used "cyber weapons" stolen from the US National Security Agency to lock up computers and hold users' files for ransom. The cyber attack was first reported from Sweden, Britain and France, US media outlets reported.
In India, a section of computers at Andhra Pradesh’s police departments was hacked. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
According to Director General of Police N Sambasiva Rao, systems using the Windows operating system were hit by the cyber attack. The police chief’s computer with Apple’s operating system was safe.
An increase in activity of the malware was noticed on Friday, security software company Avast reported, adding that it "quickly escalated into a massive spreading". Within hours, over 75,000 attacks were detected worldwide, the company said.
Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours. Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt.
The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers. Among the government agencies and companies affected globally were Britain’s National Health Service (NHS), the Russian Interior Ministry, Spain’s communications giant Telefonica, power firm Iberdrola, utility provider Gas Natural and FedEx in the US.
Moscow-based Kaspersky Lab found that the attacks used variants of malware called “WannaCry” or “Wanna Decryptor”, which encrypted the files.
“Once inside the system, the attackers install a rootkit, which enables them to download the software to encrypt the data. The malware encrypts the files. A request for $600 in Bitcoin is displayed along with the wallet -- and the ransom demand increases over time,” said Altaf Halde, Managing Director, Kaspersky Lab (South Asia).
“This is big and set to get bigger. We haven’t seen anything like this since Conficker in 2008,” said Amit Nath, Head of Asia Pacific-Corporate Business at cyber security firm F-Secure Corporation.
Ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. This ransomware demands that users pay USD 300 worth of the cryptocurrency Bitcoin to retrieve their files, and warns that the payment will be raised after a certain amount of time. The malware spreads through e-mail.
Individuals and organisations are discouraged from paying the ransom, as this does not guarantee access will be restored, US-CERT said.