The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting vehicle factories, global shipper FedEx Corp and Britain's National Health Service, among others.
As per the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), the ransomware spreads by using a vulnerability in implementations of "Server Message Block" (SMB) in Windows systems. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious ailments like cancer.
What are immediate steps for an organization that is attacked?
Who is behind the attack?
Though the group behind the WannaCry malware is yet to be identified, experts have pointed to clues that suggest a possible involvement of North Korea.
"Ransomware attack appears to be causing glitches at many ATMs that work on Random Access Memory (RAM)". WannaCry, on the other hand, threatens to permanently lock away user files if the computer owner doesn't pay a ransom, which starts at $300 but goes up after two hours.
For instance, take the case of the hospital systems held hostage in the United Kingdom: they are more likely to pay up in order to safeguard their patients' information that has been encrypted by the attacker than a teenager with photos and contacts to lose, which in all likelihood are also backed up in the cloud. Microsoft was under no legal obligation to do this, mind you, since it no longer supports Windows XP, after having extended its product lifecycle several times in the past.
He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems. They just happen to hit the motherlode. "There's no barrier to do it tomorrow to 100 million computers".
The exploit, known as "EternalBlue" or "MS17-010", took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities. It said that the USA had "no credible evidence" to support a ban on Chinese tech companies in the US following the cyberattack. "But there's clearly some culpability on the part of the US intelligence services".
But the kill switch couldn't help those already infected. For many victims, finding and paying in Bitcoin is a task that is beyond them. It leveraged an exploit - a tool created to take advantage of a security hole - leaked in a batch of hacking tools believed to belong to the NSA.
Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures.
A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations.
Government agencies criticized over malware stash. Russia's health ministry said attacks on it were "effectively repelled".
Sources said IT teams in many firms are working overtime to ensure such attacks do not harm their systems.
Russian cellular phone operators Megafon and MTS were hit.
In the event that a hacker successfully hijacks your computer, you could rescue yourself with a backup of your data stored somewhere, like on a physical hard drive. In this May 12, 2017 photo, a display panel with an error can be seen at the main railway station in Chemnitz, Germany.