Killer worm cyber-crisis

Info-tech staff around the world scrambled yesterday to patch computers and restore infected ones amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc today when employees log back on.

The assault, which began on Friday and was described as the biggest cyber-ransom attack, struck state agencies and major companies - from Russian banks and UK hospitals to FedEx in the US and European car factories.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency.

The spread of the virus dubbed WannaCry - "ransomware" which locked up more than 100,000 computers - had slowed, cybersecurity experts said, but they warned that the respite may be brief.

New versions of the worm were expected and the extent of the damage so far was still unclear.

Marin Ivezic, cybersecurity partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates, or patches, or restore systems from backups.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as "Eternal Blue", was released on the internet in March by a hacking group known as the Shadow Brokers. The group claimed it was stolen from a repository of US National Security Agency hacking tools.

Targets both large and small have been hit.

Hundreds of hospitals and clinics in the UK National Health Service were infected on Friday, forcing them to send patients to other facilities.

Symantec, a cybersecurity company, predicted infections would cost tens of millions of dollars, mostly from cleaning corporate networks.

What is ransomware?

Ransomwar, which demands payment after launching a cyber attack, is a rising trend among hackers.

The attack involves taking control of a computer system and blocking access to it until a ransom is paid.

This is normally in the form of bitcoin, the online cryptocurrency.

The best protection against ransomware attacks is to have all files backed up in a completely separate system.

It is also advisable to be suspicious of unsolicited e-mails and always type out web addresses yourself rather than clicking on links. Another key defence is antivirus programs.

Victims are advised not to pay the ransom as it encourages attackers. Even if victims do pay, there is no guarantee that all files will be returned to them intact. - ©The Daily Telegraph