The ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. It demands users pay USD 300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the payment will be raised after a certain amount of time. The malware spreads through email.
Individuals and organisations are discouraged from paying the ransom, as this does not guarantee access will be restored, the USCERT said.
According to it, ransomware spreads easily when it encounters unpatched or outdated software. A Microsoft spokeswoman said that the company was aware of the reports and was looking into the situation.
According to The Wall Street Journal, the malware believed to be behind the attacks encrypts data on infected computers and essentially holds it for ransom.
“Known as WannaCry or Wanna Decryptor, the so-called ransomware programme homes in on vulnerabilities in Microsoft Windows systems,” the daily said.
In a statement, international shipper FedEx said it has been badly hit by the cyber attack.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible,” it said.
“This event should serve as a global wake-up call the means of delivery and the delivered effect is unprecedented,” Rich Barger, the director of threat research at security firm Splunk, said in a separate statement.
The Department of Homeland Security (DHS) said it is actively sharing information related to this event and stands ready to “lend technical support and assistance as needed to our partners, both in the United States and internationally”.
The DHS has a cadre of cyber security professionals that can provide expertise and support to critical infrastructure entities, it said in a statement.
The malware was made available online on April 14 through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was scepticism about whether the group was exaggerating the scale of its hack.
Whistleblower Edward Snowden blamed the NSA for not preventing the global cyber attack.
“Despite warnings, (NSA) built dangerous attack tools that could target Western software,” Snowden said. “Today we see the cost.”
“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” he said.
Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the US to dedicate more cyber resources to offence rather than defence, a practice they argued makes the internet less secure.