Germany’s rail network was thrown into chaos on Friday night when it fell victim to the cyber attack roiling the world.
Hours after NHS hospitals were left crippled by the attack; Deutsche Bahn became the hackers’ latest high profile victim.
Using tools widely believed to have been developed by the US National Security Agency, the cyber criminals tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware, called WannaCry, encrypted data on the computers, demanding payments of $300 to $600 to restore access, The Telegraph reported.
Deutsche Bahn computers appeared to be infected with the virus, with the “ransomware” message demanding money appearing on screens at train stations.
Pictures posted on social media by commuters showed train information monitors displaying the ransom demand to unlock the computers.
Deutsche Bahn said: “Due to a Trojan attack there are system failures in various areas.”
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
Researchers with security software maker Avast said they had seen 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.
A mysterious cyber gang – called Shadow Brokers – said last month it had stolen a ‘cyber weapon’ from the National Security Agency (NSA), America’s powerful military intelligence unit.
The hacking tool, called ‘Eternal Blue’, gives unprecedented access to all computers using Microsoft Windows, the world’s most popular computer operating system. It had been developed by the NSA to gain access to computers used by terrorists and enemy states.
The gang in turn ‘dumped’ the computer bug on an obscure website on April 14 and it is believed to have been picked up by a separate crime gang which has used it to gain remote access to computers around the world.
The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self-spreading malware.
Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.