A window announcing the encryption of data including a requirement to pay appears on an electronic timetable display at the railway station in Germany's Chemnitz on May 12. Photograph: (AFP)
Cyber security experts scrambled Saturday to contain the impact of an unprecedented global cyber-attack that left state agencies and major companies around the world reeling after it forced computer systems to shut down by blocking access to files and demanding ransom money.
The hunt was on for the culprits behind the assault, which was being described as the biggest-ever cyber ransom attack which struck Russia's banks, British hospitals, FedEx and European car factories.
The attacks used ransomware, which locks users' files unless they pay the attackers a designated sum in the virtual Bitcoin currency. Images appeared on victims' screens demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"
Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.
Europe's policing agency, the interpol said the attacks were at an "unprecedented level" and will require a complex international investigation to identify the culprits."
Mikko Hypponen, chief research officer of US cyber security company F-Secure told AFP, the attack was "the biggest
ransomware outbreak in history", affecting 130,000 systems in more than 100 countries.
Russia and India were hit particularly hard, largey because tech giant Microsoft's older Windows XP operating software was still widely used there, Mikko Hypponen said.
Microsoft said the situation was "painful" and that it was taking "all possible actions to protect our customers".
It issued guidance for people to protect their systems, while taking the "highly unusual step" of providing a security update "for all customers to protect Windows platforms that are in custom support only", including Windows XP, Windows 8, and Windows Server 2003 operating systems.
In India, computers in 18 police units across police departments of Andhra Pradesh were affected by the global cyber-attack, media reports said. The systems using the Windows operating system were hit. Officials, however, clarified that the day-to-day functioning was not hampered, adding that the police chief's computer running Apple's iOS OS was safe.
The districts affected in the southern Indian state included Chittoor, Krishna, Guntur, Visakhatpatnam and Srikakulam.
Ransonware exploits vulnerability in Microsoft Windows
US software firm Symantec said the attack affected systems indiscriminately and the ransomware spread through corporate networks, "without user interaction, by exploiting a known vulnerability in Microsoft Windows".
The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).
Laurent Marechal, a cyber security expert at McAfee, said: "We still don't know if this is worsening or easing. It is too early to tell. We are still in the analysis phase."
In the United States, package delivery group FedEx acknowledged it had been hit by malware and said it was "implementing remediation steps as quickly as possible."
Renault stops production at sites in France, Slovenia, Romania
French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, saying the measure was aimed at stopping the virus from spreading.
Japanese carmaker Nissan's plant in Sunderland, northeast England, was attacked but production shuts on Saturdays in any case.
Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it.
The country's central bank said the Russian banking system was attacked, and the railway system also reported attempted breaches. The central bank's IT attack monitoring centre "detected mass distribution of harmful software" but no "instances of compromise", it said.
Germany's Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected. Some Italian universities were hit.
Cyber security researcher accidentally discovers 'kill switch' to prevent spread
On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware.
The researcher, tweeting as @MalwareTechBlog, said registering a domain name used by the malware stops it from spreading, though it cannot help computers already affected.
In a statement, computer security group Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack -- with the aim of developing a decryption tool as soon as possible."
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.
"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," said Lance Cottrell, chief scientist at the US technology group Ntrepid.
Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.
G7 finance ministers meeting in Italy vowed to unite against cyber crime and discuss the matter at the G7 leaders' summit next month.
In Britain, the attack disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.
Interior minister Amber Rudd chaired a meeting of Britain's national emergencies committee.
"There will be lessons to learn from what appears to be the biggest criminal cyber attack in history," she said. "But our immediate priority as a government is to disrupt the attack, restore affected services as soon as possible, and establish
who was behind it so we can bring them to justice."
(WION with inputs from AFP)