As the malware that affected the National Health Service (NHS) England hospitals continues to spread across various parts of the world, Kaspersky Lab, a cyber security company based in Moscow, has published a blog post in which it estimates that 45,000 attacks have been carried out in 74 countries, mostly in Russia. It added that the totals could be “much, much higher.”
“Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia. It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the blog post says. “Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14. Unfortunately, it appears that many organisations have not yet installed the patch.”
“It’s important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the “EternalBlue” exploit and infected by the WannaCry ransomware, the lack of existence of this vulnerability doesn’t really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak,” the post adds.
Earlier, a number of hospitals across England were forced to divert emergency patients after being hit by a suspected cyber attack. Attacks then began being reported across many other countries, including Turkey, Vietnam, the Philippines, Japan, the U.S., China, Spain, Italy and Taiwan with the majority of affected computers in Russia. The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data, The New York Times reports. The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.
Portugal Telecom was also hit by a cyber attack but no services were impacted. “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected,” a Portugal Telecom spokeswoman said.
