15 May 2017

Cyber threat could hit more people today

6:54 am on 15 May 2017

A global ransomware attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says.

EU's law enforcement agency Europol director Rob Wainwright.

EU's law enforcement agency Europol director Rob Wainwright. Photo: AFP

He said the act was "unprecedented in its scale" and warned more people could find themselves affected on Monday morning.

The 'WannaCry' virus took control of users' files, demanding payments from people in return for restoring them.

See the live tracking map of the virus here

Russia and the UK were among the worst-hit countries.

Experts said another attack could be imminent and warned people to ensure their security is up to date.

Mr Wainwright said the ransomware was being combined with a worm application allowing the "infection of one computer to quickly spread across the networks".

"That's why we're seeing these numbers increasing all the time," he said.

'Patch before Monday'

Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, Mr Wainwright said.

Companies needed to make sure they have updated their systems and "patched where they should" before staff arrived for work on Monday morning, the EU law enforcement agency head said.

In England, 48 National Health Service (NHS) trusts reported problems at hospitals, GP surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.

What occurred was an "indiscriminate attack across the world on multiple industries and services", Mr Wainwright said, including Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia's interior ministry.

However, he said that so far "remarkably" few payments had been made by victims of the attack.

BBC analysis of three accounts linked with the global attack suggested the hackers had been paid the equivalent of £22,080.

The Europol chief said his agency was working with the US Federal Bureau of Investigation to find those responsible, and that more than one person was likely to be involved.

The virus exploits a vulnerability in Microsoft Windows software first identified by the US National Security Agency, experts have said.

After taking computers over, it displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.

Microsoft released security updates last month to address the vulnerability, with another patch released on Friday.

The UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".

MalwareTech, who wanted to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

The 22-year-old told the BBC it was very important for people to patch their systems as soon as possible.

- BBC

Get the RNZ app

for ad-free news and current affairs