Share

Several countries battle cyber attack damages

London - Teams of technicians worked "round the clock" on Saturday to restore hospital computer systems in Britain and check transport services in other nations after a global cyber attack that hit dozens of countries crippled the UK's health system.

In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.

The extortion attack, which locked up computers and held users' files for ransom, is believed to be the biggest of its kind ever recorded, disrupting services in nations as diverse as the US, Russia, Ukraine, Spain and India.

Malicious software

Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits".

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

It was not yet known who perpetrated the attacks. Two security firms - Kaspersky Lab and Avast - said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russia the hardest.

The Russian Interior Ministry, which runs the country's police, confirmed it was among those that fell victim to the ransomware, which typically flashes a message demanding a payment to release the user's own data. Spokesperson Irina Volk was quoted by the Interfax news agency on Saturday as saying the problem had been "localised" and that no information was compromised.

Malware from spreading

A spokesperson for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyber attacks on his ministry were "effectively repelled".

Russia's central bank said on Saturday it had seen no incidents "compromising the data resources of bank institutions," state news agency Tass reported. The national railway system said although it was attacked, rail operations were unaffected.

French carmaker Renault's assembly plant in Slovenia halted production after it was targeted in the global cyber attack. Radio Slovenia said on Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working on Friday evening to stop the malware from spreading. The radio said the factory is working with the central office in France to resolve the problem.

In Britain, the National Cyber Security Centre says it is "working round the clock" with experts to restore vital health services.

British Home Secretary Amber Rudd - who was chairing a government emergency security meeting on Saturday in response to the attack - said 45 public health organisations were hit, though she stressed that no patient data had been stolen. The attack froze computers at hospitals across the country, with some cancelling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were cancelled.

Older version

British media had reported last year that most public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organisations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software "patches," or fixes, for those holes - but many users haven't yet installed the fixes or are using older versions of Windows.

In the US, FedEx Corp reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware.

Ticketing facility down

Elsewhere in Europe, the attack hit companies including Spain's Telefonica, a global broadband and telecommunications company.

Germany's national railway said on Saturday that departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information and recommended that passengers check its website or app for information on their connections.

Other European organisations hit by the massive cyber attacks included soccer clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down.

Security officials in Britain urged organisations to protect themselves from ransomware by updating their security software fixes, running anti-virus software and backing up data elsewhere.


We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Voting Booth
Do you think corruption-accused National Assembly Speaker Nosiviwe Mapisa-Nqakula will survive a motion of no confidence against her?
Please select an option Oops! Something went wrong, please try again later.
Results
No, her days are numbered
40% - 199 votes
Yes, the ANC caucus will protect her
60% - 304 votes
Vote
Rand - Dollar
19.04
-0.7%
Rand - Pound
24.02
-0.5%
Rand - Euro
20.53
-0.3%
Rand - Aus dollar
12.36
-0.1%
Rand - Yen
0.13
-0.7%
Platinum
900.15
+0.4%
Palladium
1,000.00
-0.2%
Gold
2,212.54
+0.8%
Silver
24.59
-0.2%
Brent Crude
86.09
-0.2%
Top 40
68,094
+0.6%
All Share
74,290
+0.5%
Resource 10
56,964
+2.3%
Industrial 25
103,585
+0.3%
Financial 15
16,463
-0.4%
All JSE data delayed by at least 15 minutes Iress logo
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE