International cyber attacks put ransoms on German rail station screens

AFP/The Local

A fast-moving wave of cyber attacks that swept the globe Friday targeted German rail operator Deutsche Bahn.


The software attacks exploited a flaw exposed in documents leaked from the US National Security Agency and used a technique known as ransomware, which locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin, reports news agency AFP.

The ransomware demands payment of 275 euros in Bitcoin within three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to a screen message.

Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx, as well as organisations in Sweden.

The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."

Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries."

Germany's Deutsche Bahn (DB) computers were also impacted, with the company reporting on Saturday morning that display panels in the stations were affected.

Deutsche Bahn information screens and ticket machines were also hit, reports AFP.

Travellers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But DB insisted that trains were running as normal.

On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that can prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.

However, @MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again."

The ransomware's name is WCry, but analysts were also using variants such as WannaCry.

"It's unequivocally scary," said John Dickson of the Denim Group, a US security consultancy.

Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware "payload" made it especially dangerous.

"I'm watching how far this propagates and when governments get involved," he said.

Microsoft released a patch to protect against vulnerability to the ransomware in March, but many systems may not have been updated. 

