Ransomware Attack: Experts rush to restore systems

No Bangladesh government website or data centres or any other infrastructure faced any problem in the global ransomeware attack, which affected computers in nearly 100 countries on Friday.

However, there were infections at individual level in Bangladesh, reports our staff correspondent.

A top executive of Asian TV yesterday said four of their desktops were affected Friday evening.

Faria Hossain, a joint news editor of the channel, said around 8:00pm she found the notice about her data being encrypted and demand for money on her computer and after that she could not work on it.

Her IT team tried to fix the problem until yesterday evening to no avail.

Sumon Ahmed Sabir, chief strategy officer of international internet gateway Fibre@Home, told The Daily Star that they had no information on any massive attack in the country, except some individual cases.

“Our market is dominated by pirated software. However, we are very fortunate that this time nothing serious happened,” said Sumon.

About preventing this type of attack, Sumon suggested arranging backups of data and being cautious about opening or receiving files.

Tarique Barkatullah, director of National Data Center at Bangladesh Computer Council, said, “We have checked out all the government web sites and other infrastructure and found no issues.”

In March Microsoft itself advised its customers about the attack and released a software update for Windows 10, said Barkatullah.

In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003, reports CNN.

Cyber security experts across the globe rushed to restore systems yesterday after an unprecedented global wave of cyberattacks that struck targets ranging from Russia's banks to British hospitals and a French carmaker's factories.

The hunt was on for the culprits behind the assault, which was being described as the biggest cyber ransom attack ever, reports AFP.

State agencies and major companies around the world were left reeling by the attacks which blocked access to files and demanded ransom money, forcing them to shut down their computer systems.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's policing agency.

The attacks, which experts said affected dozens of countries, used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual Bitcoin currency.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP that the attack was "the biggest ransomware outbreak in history", saying that 130,000 systems had been affected.

He said Russia and India were hit particularly hard, in large part because the older Windows XP operating software was still widely used in the countries.

The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).

French carmaker Renault was forced to stop production at sites in France and Slovenia, saying the measure was aimed at stopping the virus from spreading.

In the United States, package delivery group FedEx acknowledged it had been hit by the malware and said it was "implementing remediation steps as quickly as possible."

Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it.

The country's central bank said the banking system was hit, and the railway system also reported attempted breaches.

The central bank's IT attack monitoring centre "detected mass distribution of harmful software" but no "instances of compromise", it said.

Russia's largest bank Sberbank said its systems "detected in time attempts to penetrate bank infrastructure".

Germany's Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected.

In a statement, computer security group Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack -- with the aim of developing a decryption tool as soon as possible."

Meanwhile, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.

But @MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again".

The malware's name is WCry, but analysts were also using variants such as WannaCry.

Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.

Pictures on social media showed screens of NHS computers with images demanding payment of $300 (230 pounds, 275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.

"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger," said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," said Lance Cottrell, chief scientist at the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.