MOSCOW - Countries across the globe scrambled to respond to a malicious "ransomware" virus, as internet security watchdogs said the attack had disproportionately targeted Russia.
The Russian cyber security firm Kaspersky Labs was among the first to identify the so-called "Wanna Cry" malware — a viral worm that exploits a vulnerability in the Windows operating system to encrypt files without users permission.
A group of hackers known as "The Shadow Brokers" are widely believed to have stolen the program from the U.S. National Security Agency last April and deployed it as a means to ransom user data around the world for cash profits.
Kaspersky Labs initially reported 45,000 attacks by the malware in more than 70 countries, with Russia bearing the brunt of the onslaught. “The range of targets and victims is likely much, much higher,” warned the Kaspersky report.
Within hours, other internet security firms put the number of computers targeted at more than 75,000 computers in 100 countries. Those numbers are expected to grow.
Russia’s powerful Interior Ministry and national railway service both confirmed they had fallen victim to the malware. The Russian mobile telecom giant, Megafon, too, issued a statement saying its servers had been compromised.
But by mid-day Saturday, spokesmen from all three said they had successfully isolated the virus and were operating as usual.
The statements came as other key Russian ministries, and the country’s central bank, pushed back against claims state computer infrastructure had been compromised.
In statements to Russian media, all argued they had thwarted the virus using non-Windows operating systems while trumpeting the merits of data backups using a, notably, Russian-made server, Elbrus.
The claims have not been confirmed by outside experts.
The Kremlin has long been suspicious of Western technology firms, arguing they work in collusion with American intelligence agencies.
In 2014, Russia’s Duma passed a law requiring Western tech companies such as Facebook, Twitter, and Google to relocate servers to Russia in an effort to protect Russian user data. Though not yet fully implemented, Russian internet activists have argued the law gives Russian security services dangerous access to private data with little legal recourse.
Russian President Vladimir Putin has also pushed for digital independence from Western tech firms, partially in response to American and European sanctions introduced following Russia’s annexation of Crimea from Ukraine in 2014.
Sunday, the Kremlin’s advisor on internet strategy German Klimenko seized the latest cyber attack as a chance to praise those moves.
“The president’s order to create a Russian segment of the internet, [it created] a closed Internet solely for government bureaucrats,” said Klimenko in an interview with Russia’s Channel One television.
“The defense against attacks has been in place a long time,” he added. “It is doubtful our [government] data suffered.”
Meanwhile, Russia’s online community debated the disproportionate targeting of Russia, in particular allegations the virus had originated with the NSA.
But on the Russian-built secure messaging app Telegram, users traded theories the virus was a U.S. plot aimed at disrupting the country’s 2018 presidential elections, apparent payback for U.S. intelligence agencies’ conclusion Russian hackers had interfered in last year’s American presidential elections.
But Anton Nossik, a longtime leading internet voice in Russia, rejected those charges as “terribly funny” in a widely shared post to his Live Journal blog.
“That 74 countries were implicated in the virus is explained as Russia’s enemies desire to hide the real goal of their attack,” wrote Nossik, who notes that Russian governmental officials had been too lazy to install a Windows "patch" available since last March that resolved the security flaw.
“Really, how can you deceive our ever wakeful conspiracy theorists?” he added wryly, “To hack their computers is the simplest thing, but to destroy their vigilance? Never!”
Other Russian digerati, too, pushed back against the idea that Russia had been a target by design.
"There's no politics or intention here. The virus is just spreading randomly," says Ilya Sachkov, Director of the Moscow-based Group IB, a company that tracks internet fraud, in an interview with Moscow's Business FM radio.
Sachkov notes ransomeware attacks have been growing in number and strength for years.
The unfolding crisis and alleged links to the NSA again thrust Edward Snowden, the former NSA contractor who was granted asylum in Russia after leaking classified NSA documents to the press in 2013, into the spotlight.
In a series of Twitter posts, Snowden argued the NSA bore moral responsibility for the leak.
“Despite warnings, the NSA built dangerous attack tools that could target Western software,” wrote Snowden. “Today we see the cost.”