Editions:  Austria · Denmark · France · Germany · Italy · Norway · Spain · Sweden · Switzerland
Advertisement

International cyber attacks put ransoms on German rail station screens

Share this article

International cyber attacks put ransoms on German rail station screens
Photo: DPA
16:11 CEST+02:00
A fast-moving wave of cyber attacks that swept the globe Friday targeted German rail operator Deutsche Bahn.

The software attacks exploited a flaw exposed in documents leaked from the US National Security Agency and use a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin, reports news agency AFP.

The ransomware demands payment of 275 euros in Bitcoin within three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to a screen message.

Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx, as well as organisations in Sweden.

The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."

Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries."

Germany's Deutsche Bahn (DB) computers were also impacted, with the company reporting on Saturday morning that display panels in the stations were affected.

Deutsche Bahn information screens and ticket machines were also hit, reports AFP.

Travellers tweeted pictures of hijacked departure boards showing the ransom demand instead of train times. But DB insisted that trains were running as normal.

On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that can prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.

However @MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again."

The ransomware's name is WCry, but analysts were also using variants such as WannaCry.

"It's unequivocally scary," said John Dickson of the Denim Group, a US security consultancy.

Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware "payload" made it especially dangerous.

"I'm watching how far this propagates and when governments get involved," he said.

Microsoft released a patch to protect against vulnerability to the ransomware in March, but many systems may not have been updated. 

Get notified about breaking news on The Local

Share this article

Advertisement

From our sponsors

10 things you should never do in Germany

Every country has its own unique cultural dos and don'ts. You won't get a round of applause for remembering the dos, but you can get into seriously hot water for forgetting the don'ts. To help you out, here's The Local's guide to 10 things you should never do in Germany.

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement