Cyber Security

Over 99 countries in latest hit by ‘atom bomb of malware’

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

British hospitals, the Russian government, German railways and big companies like FedEx were among those affected when they were crippled by the ‘ransomware’ that rapidly spread across the globe and infected 75,000 computers in 99 countries.

This map released by cybersecurity experts, shows the impact of the ransomware around the world - with blue dots representing incidents across the globe. Russia is thought to be worst affected
This map released by cybersecurity experts, shows the impact of the ransomware around the world – with blue dots representing incidents across the globe. Russia is thought to be worst affected

Meanwhile hundreds of private users in Taiwan were also struck by the malware, while IT systems at schools and universities in China were infected.

Security experts say the malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was identified by the US National Security Agency for its own intelligence-gathering purposes.

The malicious software was blocking access to computers and demanding payments of as much as $600 to restore access and scrambling data. It is thought to have impacted at least 75,000 computers, including machines in the Russian government.

The technological meltdown began earlier on Friday afternoon in Britain when more than 40 NHS organisations including hospitals and GP surgeries were hit by the virus.

But with the virus spreading at a rate of five million emails per hour, tens of thousands of victims have now been reported in 99 countries including the US, Australia, Belgium, France, Germany, Italy and Mexico.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

‘Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,’ @MalwareTechBlog told AFP in a private message on Twitter.

The researcher warned however that people ‘need to update their systems ASAP’ to avoid attack: ‘The crisis isn’t over, they can always change the code and try again.