WannaCry ransomware may not attack Indian bank ATMs, say cyber security experts
But U.K. hospitals, Chinese universities and global firms like FedEx also reported they had come under assault.
Microsoft’s top lawyer is laying some of the blame for Friday’s massive cyberattack at the feet of the US government. The ransomware was written to repeatedly contact an unregistered domain embedded in its code. A researcher, who uses the pseudonym “MalwareTech” for personal security, registered a domain name buried in the code of the attack and was surprised to discover that it was the kill switch that sent a signal to stop the attacks.
Just one day before the attack Dr Krishna Chinthapalli, a registrar in London, warned in a British Medical Journal article that some hospitals “will nearly certainly be shut down by ransomware this year”. Copycat attacks could follow.
Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.
“The affected company doesn’t fall under critical infrastructure, it’s not a medical or health service and it is not a big company”, he said.
Once inside an organization, WannaCry uses a Windows vulnerability purportedly identified by the NSA and later leaked to the internet.
“In cases of genuine (universal resource locators) URLs, close out the email and go to the organisation’s website directly through browser”, it said.
The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.
Companies and institutions are often slow to update their computers because it can screw up internal software that is built to work with a certain version of Windows.
Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft’s Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.
The patches won’t do any good for machines that have already been hit.
Clapper and Europol say the scope of the problem may become bigger Monday when people switch on their computers. Wainwright said Europol did not know the motive.
“It’s a worldwide attack and a number of countries and organisations have been affected”, British Prime Minister Theresa May said. The NHS said on May 13 that nearly all of its computers were back to normal operation.
Hong Kong-based Ivezic said that the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching, which is causing some inconvenience”. State media reported that digital payment systems at PetroChina gas stations were offline, forcing customers to pay cash.
– Who was behind the attack? Bad guys generally target Windows far more than Apple’s operating system because there are vastly more computers running Windows around the world.
Also hit were Deutsche Bahn, the Russian Central Bank, Russian Railways, Russia’s Interior Ministry, Megafon and Telefónica.
Installing the patch is one way to secure computers against the virus.
United Kingdom defense secretary Michael Fallon said Sunday that Britain’s nuclear submarines were safe from cyberattack. As of Saturday afternoon, the hackers appeared to have received less than $30,000, according to security researchers. John Bambenek, threat research manager at the Fidelis Cybersecurity firm, said that “the fact that a vulnerability developed by the NSA was used in this attack shows the dangers that can happen when this knowledge gets out into the wild even after a patch has been developed”.
“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates”, Jan Op Gen Oorth told AFP.
Interestingly, the same tool is believed to have been used by another anonymous hacking group to gain remote access to computers, which brought parts of the NHS to a standstill. It also installs the DOUBLEPULSAR backdoor.