Even as hospitals in Britain scrambled to contain the fallout from a cyber attack that forced them to turn patients away, it rapidly became clear that they were not the only casualties of a massive ransomware campaign that appears to have infected organisations across Europe as well as Asia on Friday (May 12) night.
Researchers behind the MalwareHunterTeam Twitter account said that the WannaCry ransomware had infected users in 11 countries, including Russia, Germany, Japan, Indonesia, Vietnam, and the Philippines.
Cyber security researcher Jakub Kroustek tweeted that there had been as many as 36,000 detections of the ransomware, also known as WanaCrypt0r or WCry, with Russia, Ukraine and Taiwan seeing the greatest number of instances. “This is huge,” he said.
It is still unclear as to the full extent of the attacks – and whether they are linked to one another.
In Spain, a number of firms including telecoms giant Telefonica fell victim to the outbreak.
Employees at Telefonica reportedly saw warnings on their screen largely identical to the ones that appeared on screens at British hospitals, demanding that a ransom be paid in bitcoin in return for access to their files.
Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off Internet access in case they had been compromised, representatives from the firms said.
It was not immediately clear how many Spanish organisations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.
Images tweeted by a user in Italy apparently show a computer lab in a university being locked by the same ransomware program.
“NOW THEY KNOW THEY CAN HIT THE BIG GUYS”
“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.
This was also likely to embolden cyber extortionists when selecting targets, Chris Comacho, chief strategy officer with cyber intelligence firm Flashpoint, said.
“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.
Sanjay Aurora of Darktrace told Channel NewsAsia that the ransomware attacks were the beginning of a trend that involves attackers using automated technology that is able to enter a network surreptitiously and carry out the mission without human oversight.
“We can only expect this trend to get worse. These attacks are too fast-moving for any security team, no matter how large, to keep up,” Mr Aurora said.