Ransomware cyberattack hits Australia as EU warns victims worldwide may grow

More Australians could find they have become victims of a massive global cyber attack when they turn on their computers this morning, the Federal Government is warning.

Key points:

  • At least one Australian company hit, possibly more, says Government
  • Europol spokesman fears attack not over as "numbers are going up"
  • Concerns victims could grow when people turn on their computers on Monday morning

The attack, which locks computers and holds users' files for ransom, hit 200,000 victims in 150 countries over the weekend.

The European Union's police agency has also warned the number of people affected by the cyberattack may grow today as people return to work and switch on their computers.

One Australian company appears to have been targeted by the attacks, with the possibility of more, said Assistant Minister for cyber-security Dan Tehan.

"We are now getting reports that there might be two other incidents so that would bring the total number of incidents in Australia to three," he told ABC News.

"What we are seeing is the exact same features that have occurred overseas: a freezing of their IT systems and a ransomware note."

Mr Tehan said the attacks were on small- to medium-sized private sector businesses and that government departments had been told to ensure they were protected.

"This is absolutely a wake-up call," he said.

"We have to understand that ransomware costs the Australian economy $1 billion a year conservatively."

Britain's healthcare system was thrown into chaos by the ransomware attack on the weekend.

On Sunday the UK Government announced 97 per cent of its hospitals were back to normal after the attack locked, but Europol director Rob Wainwright said he feared the attack was not over and that the number of attacks would continue to grow.

"The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations," he said.

"At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn [on] their machines on Monday morning."

Attackers used encryption algorithms to lock files and demanded owners pay a ransom to access those files.

Mr Wainwright said what was unique about the attack was that the ransomware was used in combination with "a worm functionality" so the infection spread automatically.

New versions of the worm are expected, cyber security experts have warned, as the extent of the damage from Friday's attack remains unclear.

Monday is expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turn on their computers.

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails [or other as yet unconfirmed ways the worm may propagate]," Singapore-based security researcher Christian Karam said.

Europol spokesman Jan Op Gen Oorth said it was too early to say who was behind the onslaught and what their motivation was.

Mr Oorth said the main challenge was the fast-spreading capabilities of the malware, but added that, so far, not many people had paid the ransoms the virus demanded.

Cyber security research experts warned against giving in to criminal syndicates in order to have data unlocked.

Director for Centre for Cyber Security Research at Deakin University, Professor Yang Xiang, said it was not ethical to pay ransom for data.

"If you keep paying ransom it's actually helping attackers to grow the industry," he told the ABC.

'You're only safe if you patch ASAP'

The attack is believed to be the biggest online extortion attack ever recorded, with victims including Britain's hospital network and Germany's national railway.

How did the attack occur?

  • Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
  • It spreads from computer to computer as it finds exposed targets
  • Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
  • Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
  • Shortly after that disclosure, Microsoft announced it had already issued software "patches" for those holes
  • But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available

As terrifying as the unprecedented global "ransomware" attack was, cybersecurity experts said it was nothing compared to what might be coming — especially if companies and governments do not make major fixes.

Had it not been for a young cybersecurity researcher's accidental discovery of a so-called "kill switch", the malicious software likely would have spread much farther and faster than it did on Friday.

The 22-year-old — identified online only as MalwareTech — partnered with 28-year-old research engineer Darien Huss to register a domain name and redirect the attacks to MalwareTech's server to activate the "kill switch".

That halted the ransomware's infections by creating what is called a "sinkhole", which prevents botnets from communicating with their command-and-control servers.

But MalwareTech said sinkholing would only stop the spread until hackers removed the domain check and tried again. He said it was "incredibly important that any unpatched systems are patched as quickly as possible".

"You're only safe if you patch ASAP," he warned.

This is already believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the US.

Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off.

This one worked because of a "perfect storm" of conditions, including a known and highly dangerous security hole in Microsoft Windows, tardy users who did not apply Microsoft's March software fix, and malware designed to spread quickly once inside university, business or government networks.
