Worldwide ransomware attacks: What we know

Posted May 18, 2017

The threat was "escalating" as cyber experts warned that another attack was imminent in coming days, he said.

While Mr MacGibbon said Australia looks to have missed the worst of the attack as it didn't seem to have infected government agencies or critical infrastructure, people shouldn't be complacent.

The software holds users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment - US$300 at first, rising to US$600 before it destroys files hours later.

In England, 48 NHS trusts fell victim, as did 13 NHS bodies in Scotland.

In the United Kingdom, the National Health Service has been forced to cancel operations today within its hospitals after computers used to share patients' test results and scans with doctors remain frozen.

The list of institutions affected is expected to grow as more become aware of hacks or if more variants spread infections.

It encrypted users' computer files and displayed a message demanding anywhere from $300 to $600 to release them; failure to pay would leave the data mangled and likely beyond fix.

BBC analysis of three accounts linked with the global attack suggests the hackers have already been paid the equivalent of £22,080.

MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.

"So there's a good chance they are going to do it. maybe not this weekend, but quite likely on Monday morning".

French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible".

Fellow security researcher Darien Huss, from tech firm Proofpoint, echoed MalwareTech's view. "Or we could potentially see copycats mimic the delivery or exploit method they used".

A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries.

"This is a trivial change for the malware originators or copy-cat authors and so even if a fresh attack does not materialise on Monday, we should expect it soon afterwards", she said.

The security flaw that hackers used to launch the attacks Friday was made public after information was stolen from the U.S. National Security Agency, which routinely searches for flaws in software and builds tools to exploit them.

Microsoft's president and top lawyer said Sunday that the ongoing cyberattacks, which experts are calling the largest in history, should be a "wake-up call" for governments - especially the U.S.

He added: "That's why we're seeing these numbers increasing all the time".

The assault, which began Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European auto factories.

The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called "Eternal Blue".

In China, hundreds of thousands of computers at almost 30,000 institutions and organisations were infected by late Saturday, internet firm 360 Security said.

The cyber attack that crippled NHS computer systems is the biggest of its kind ever launched, security chiefs have said.

"If you're sitting in a hard-pressed hospital in the middle of England, it is hard to see that as a greater priority than dealing with outpatients or A&E".