France’s Renault hit in worldwide ‘ransomware’ cyber attack

French car giant Renault has been hit by the global ransomware cyber attack that has infected tens of thousands of computers in nearly 100 countries, a spokeswoman said on Saturday.

French Renault car maker production plant in Sandouville, northern France, was shut down on saturday due to the wave of global cyber attacks.
French Renault car maker production plant in Sandouville, northern France, was shut down on saturday due to the wave of global cyber attacks. CHARLY TRIBALLEAU / AFP

It is the first major French company to report being affected by the malware.

"Measures are being put in place to stop the spread of the virus; it's the first step," the spokeswoman said.

"We're seeking to have a global vision to see which sites have been affected," she added.

The attack affected businesses and government offices from Russia to Mexico on Friday, with experts, including European intelligence outfit, Europol, calling it the biggest ransomware outbreak ever.

Researchers believe a criminal organisation is behind this, given its global reach and sophistication.

Two security firms   Kaspersky Lab and Avast   said they had identified the malware behind the attack in upward of 70 countries, although both said the attack has hit Russia hardest, followed by Ukraine and Taiwan.

The Russian interior ministry said on its website that around 1,000 computers had been infected by the virus.

Other groups disrupted by the attack include British hospitals, Spanish telecommunications giant Telefonica, US shipping firm FedEx, and Germany’s national railway. Deutsche Bahn said it had deployed extra staff to busy stations to assist customers after its arrival and departure display screens went down on Friday night, although there was no impact on actual train services.

Turkey’s information and communication technologies authority, or BKT, also reported the nation had been affected by the malware, while in Indonesia two major hospitals had also been struck.

Demands payment in bitcoins

Officials and experts identified the type of malware as “Wanna Cry”, also known as “Wanna Decryptor”. It exploits a vulnerability in Microsoft’s Windows operating system that allows it to automatically spread across networks.

The Wanna Cry ransomware exploits a vulnerability widely believed by researchers to have been identified by the National Security Agency, and which was released on the internet last month by a group known as the Shadow Brokers.

Wanna Cry scrambles data on computers and then demands payments of $300 to $600 (approximately €274 to €550) to restore access, according to reports.

A Telefonica spokesman said a window appeared on screens of infected computers, demanding payment with the digital currency bitcoin in order to regain access to files.

Microsoft said on Friday its engineers had added detection and protection against the massive ransomware attack.

The company has released fixes for vulnerabilities and related tools disclosed by the Shadow Brokers.

British hospitals disrupted

British hospitals were among the first institutions to be hit by the virus, which caused patient delays and the cancelation of treatments. But Prime Minister Theresa May later said the computer problems were part of a wider global attack.

"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected," May said, referring to the country's National Health Service.

Britain's National Cyber Security Centre says teams are now working "round the clock" to restore hospital computer systems.

British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen.

British media had reported last year that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.

A spokesman for Barts Health NHS Trust in London said it was experiencing "major IT disruption" and delays at all four of its hospitals.

"We have activated our major incident plan to make sure we can maintain the safety and welfare of patients," the spokesman said.

"We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible.”

(FRANCE 24 with AFP, AP)

Daily newsletterReceive essential international news every morning

Take international news everywhere with you! Download the France 24 app