
WannaCry Ransomware Cyberattack [Video]




‘Biggest ransomware outbreak in history’ hits nearly 100 countries with data held for ransom

Dozens of countries have been hit with a huge cyber extortion attack that locked computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

How did the attack occur?

  • Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
  • It spreads from computer to computer as it finds exposed targets.
  • Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
  • Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
  • Shortly after that disclosure, Microsoft announced it had already issued software “patches” for those holes
  • But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers, but other countries — including Spain, Portugal, and Russia — have also been targeted.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Mikko Hypponen, chief research officer at Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history”.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine, and Taiwan the top targets.

Chris Wysopal of the software security firm Veracode said criminal organisations were probably behind the attack, given how quickly the malware spread.

“For so many organisations in the same day to be hit, this is unprecedented,” Mr Wysopal said.

But Alan Woodward, visiting professor of computing at the University of Surrey, said he did not believe it was a targeted attack.

“But will simply have been that the ransomware has sought out those organisations that are running susceptible devices,” Mr Woodward said.

The US Department of Homeland Security said late on Friday (local time) that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

Patients turned away as hospitals hit with ransomware

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self-spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

We apologise but we are having issues with our computer systems. Please don’t attend A&E unless it’s an emergency. Thanks for your patience

Microsoft said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14.

The attack froze computers at hospitals across Britain, shutting down wards, closing emergency rooms and bringing medical treatments to a halt.

NHS Digital, which oversees hospital cybersecurity, said the attack was affecting organisations from across a range of sectors.

Many hospitals cancelled all routine procedures and warned patients not to come to the hospital unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.

Several facilities in Scotland also reported being hit. Doctors’ practices and pharmacies reported similar problems.

Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

The interior ministry said on its website that around 1,000 computers had been infected but it had localised the virus.

In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to security firm Kaspersky Lab’s count.

A spokesman for Prime Minister Malcolm Turnbull said there had been no confirmed reports of an impact on Australian organisations at this stage.

He said the Federal Government was closely monitoring the situation.

“The Prime Minister’s Cyber Security Special Adviser is working with the Australian Cyber Security Centre and health agencies in Australia to determine any impact to Australia,” he said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack”.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

British cyber centre says it is investigating attack

Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the company said in a statement.

Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said.

By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

Portugal Telecom and Telefonica Argentina both said they were also targeted.

Britain’s National Cyber Security Centre, part of the GCHQ electronic intelligence agency, said it was working with police and the health system to investigate the attack.

British government officials and intelligence chiefs have repeatedly highlighted the threat to critical infrastructure and the economy from cyberattacks, with the National Cyber Security Centre reporting it had detected 188 “high-level” attacks in just three months.

AP/Reuters

Source: ABC Net Au

Stolen U.S. spy agency tool used to launch global cyberattack

(Reuters) – A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine, and Taiwan the top targets.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.

Still, only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

The U.S. Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self-spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement. It said the company was working with its customers to provide additional assistance.

Sensitive timing

The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus. Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as the country’s biggest bank, Sberbank, said they were targeted. The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

The emergencies ministry told Russian news agencies it had repelled the cyberattacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

New breed of ransomware

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid-sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement.

Source: Reuters – VentureBeat

Cyber expert warns against supporting criminal syndicates amid global hacking

Key points:

  • Over 57,000 infections in 99 countries have been detected
  • Ransomware attacks happen every day in Australia, they just don’t get reported, expert says
  • UK doctors have turned away chemotherapy patients due to being unable to access medical records

Attackers have used encryption algorithms to lock files, which owners cannot access unless they pay a ransom.

Over 57,000 infections in 99 countries have been detected, with Russia, Ukraine, and Taiwan being top targets, security software maker Avast said.

The attacks have led to hospitals and doctors in England turning away patients after they were unable to view their medical files.

But the director of the Centre for Cyber Security Research at Deakin University, Professor Yang Xiang, has strictly warned against giving in to criminal syndicates in order to have data unlocked.

“Cyber attacks have already become a kind of industry. [The attackers] are operating like a trained organisation and this will make the cyber security more and more difficult,” he said.

“I don’t think it’s ethical to pay ransom to get data back because we really need to have strong mechanisms to defend against attackers.

“If you keep paying ransom it’s actually helping attackers to grow the industry.”

Professor Yang, who daily works on detecting possible ransomware, said cyber security had been a “number one problem” in Australia for years, and urged government agencies, companies and individuals to prepare for future attacks.

“Australia has a very similar situation because it heavily relies on internet,” he said.

“We have seen a lot of ransomware attacks in companies and government organisations.

“It actually happens every day, it just didn’t get reported.”

While he could not say which specific institutions had been targeted, he did reveal the mining industry was under attack.

Ransomware encryptions are strong. Once the data has been locked, it is extremely difficult to regain access to it.

Professor Yang calls for the Federal Government not to downplay the threat of cyber attacks and to treat this as a priority.

“We just got some news that Government is cutting funding for universities. I think it is important to keep supporting research, support cyber security industry and provide more funding to innovation and research in this area,” he said.

Companies leave themselves open to attacks

One of the more reported victims of the latest attack has been Britain’s National Health Service.

Doctors in the UK have been forced to turn away even chemotherapy patients due to being unable to access their medical records.

But just days before the attack, a UK doctor warned about hospitals’ software being targeted, saying “more hospitals will almost certainly be shut down by ransomware this year”.

Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, said in the British Medical Journal that health facilities left themselves open to hacks by using ancient operating systems.

But some have cast blame on the United States’ National Security Agency (NSA) and other countries’ intelligence services for hoarding software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.

Edward Snowden, who in 2013 leaked documents exposing US surveillance programs, said on Twitter NSA’s “dangerous attack tools” now threatened lives of hospital patients.

In March, WikiLeaks released thousands of “Vault 7” documents that revealed the CIA knew about several flaws in Apple, Google and Samsung software but did not tell the companies about them because it wanted to use them for spying.

Across the US Federal Government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters in March.

“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world,” Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement.

The NSA did not respond to a request for comment.

Source: ABC Net Au


 Image: The Hacker News “Protect Against WannaCry”

Dr Don
Founder/Admin The Internet Crime Fighters Org, Admin DrDony's Reviews, http://drdonysreviews.com, Author The Internet Users Handbook, See more http://about.me/drdony
Comments

  1. Reply

    MALICIOUS VIRUS What is Wannacry ransomware? Hackers offer to sell malware used to cripple NHS in cyber attack More than 200,000 victims in around 150 countries have been infected by malicious software https://www.thesun.co.uk/tech/3562470/wannacry-ransomware-nhs-cyber-attack-hackers/

  2. Reply
  3. Reply

    WannaCry Coding Mistakes Can Help Files Recovery Even After Infection http://thehackernews.com/2017/06/wannacry-ransomware-unlock-files.html

  4. Reply
  5. Reply

    IDC: Most Orgs Mount Ineffective Security Investigations https://www.infosecurity-magazine.com/news/idc-orgs-mount-ineffective/

  6. Reply

    If hacking back becomes law, what could possibly go wrong? Because escalation always ends well. https://www.engadget.com/2017/06/02/if-hacking-back-is-law-what-could-possibly-go-wrong/

  7. Reply

    North Korea, cyberattacks and ‘Lazarus’: What we really know http://abcnews.go.com/Technology/wireStory/north-korea-cyberattacks-lazarus-47800647

  8. Reply

    WannaCry Ransomware Lives Up to Its Name — but Something Else Will Make You Wanna Scream http://sociable.co/technology/ransomware-wannacry/

  9. Reply

    Hackers Behind Jaff Ransomware Selling Victims’ Data on Dark Web https://www.hackread.com/hackers-behind-jaff-ransomware-selling-data-on-dark-web/

  10. Reply

    6 Expert Tips to Avoid Getting Hacked With cybersecurity threats and hackers, how can you protect yourself online? Check out these expert tips. https://www.inc.com/jon-levy/6-expert-tips-to-avoid-getting-hacked.html

  11. Reply

    After Ransomware, India hit by new ‘Fireball’ malware; among worst affected The new threat is designed to hijack browsers to change the default search engine and track their web traffic on behalf of Beijing-based digital marketing firm called Rafotech, WIRED.com reported on Friday. http://www.hindustantimes.com/tech/india-among-countries-worst-hit-by-new-fireball-malware/story-t1zd0HTEPd8BxpGIzWcP2M.html

  12. Reply

    Security alert: Malware more malicious than WannaCry may be lurking on your computer Adylkuzz and EternalRocks have been developed with tools stolen from the US National Security Agency. https://scroll.in/article/839513/security-alert-malware-more-malicious-than-wannacry-may-be-lurking-on-your-computer

  13. Reply

    After WannaCry ransomware, Fireball malware hits India: How to protect your devices http://newsable.asianetnews.tv/technology/after-wannacry-ransomware-fireball-malware-hits-india

  14. Reply
  15. Reply

    Leaked NSA hacking exploit used in WannaCry ransomware is now powering Trojan malware EternalBlue Windows security flaw is being leveraged to make Nitol and Gh0st RAT cyberespionage tools more effective, warn researchers. http://www.zdnet.com/article/leaked-nsa-hacking-exploit-used-in-wannacry-ransomware-is-now-powering-trojan-malware/

  16. Reply

    #INFOSEC17: Ransomware and IoT are Greatest Cyber-Threats of 2017 https://www.infosecurity-magazine.com/news/infosec17-ransomware-and-iot/

  17. Reply
  18. Reply

    Organizations Failing to Upgrade Systems, Enforce Patches http://www.securityweek.com/organizations-failing-upgrade-systems-enforce-patches

  19. Reply

    More regulation is not the answer to technology’s challenges https://betanews.com/2017/06/06/regulation-technology-challenges-not-answer/

  20. Reply

    WannaCry Is Dead (For Now): Learn What to Do to Stay Safe Next Time Read more at http://www.business2community.com/cybersecurity/wannacry-dead-now-learn-stay-safe-next-time-01855520#0eTYSwSC08mORt7D.99

  21. Reply

    Teen arrested for creating ransomware similar to WannaCry http://www.ehackingnews.com/2017/06/teen-arrested-for-creating-ransomware.html

  22. Reply

    WannaCry Hack Ported to Infect Windows 10. Windows 10 systems still secure, as details remain secret http://news.softpedia.com/news/wannacry-hack-ported-to-infect-windows-10-516264.shtml

  23. Reply

    HHS task force: Healthcare cybersecurity in ‘critical condition’ https://nationalcybersecurity.com/hhs-task-force-healthcare-cybersecurity-critical-condition/

  24. Reply

    Healthcare industry most targeted by cyber attacks https://betanews.com/2017/06/07/healthcare-cyber-attacks/

  25. Reply

    Using Network Insights to Stay One Step Ahead of Emerging Threats https://securityintelligence.com/using-network-insights-to-stay-one-step-ahead-of-emerging-threats/

  26. Reply

    #INFOSEC17 Malwarebytes: WannaCry was Amateur Attackers Using Sophisticated Exploit https://www.infosecurity-magazine.com/news/infosec17-malwarebytes-wannacry/

  27. Reply

    Infosec17: WannaCry could be demise of ransomware WannaCry could lead to the decline and even demise of ransomware due to its poor implementation and its role in underlining the importance of defending against this threat, says a security expert http://www.computerweekly.com/news/450420298/Infosec17-WannaCry-could-be-demise-of-ransomware

  28. Reply

    Healthcare’s Unique Cyber Risk Management Challenges The healthcare industry has experienced an onslaught of cyber-attacks over the last year, primarily driven by the fact that patient records are highly prized assets among cyber criminals. http://www.securityweek.com/healthcares-unique-cyber-risk-management-challenges

  29. Reply

    Interpol Analyzes Global Response to WannaCry Attack Interpol cybercrime unit chiefs gather to evaluate the global extent of WannaCry and track criminals via blockchain analysis. https://www.darkreading.com/attacks-breaches/interpol-analyzes-global-response-to-wannacry-attack/d/d-id/1329071

  30. Reply

    For timely vulnerability information, unofficial sources are a better bet https://www.helpnetsecurity.com/2017/06/07/timely-vulnerability-information/

  31. Reply

    Symantec and the changing of the guard in cybersecurity Long-established security vendors are struggling to modernize and add online protection services to traditional products. http://www.ciodive.com/news/symantec-and-the-changing-of-the-guard-in-cybersecurity/444252/

  32. Reply

    Security Incidents Can Cost Industrial Firms $500K Per Year: Kaspersky http://www.securityweek.com/security-incidents-can-cost-industrial-firms-500k-year-kaspersky

  33. Reply

    InfoSec 2017: ‘One disaster away from governments doing something’ on IoT https://nakedsecurity.sophos.com/2017/06/07/infosec-2017-one-disaster-away-from-governments-doing-something-on-iot/

  34. Reply

    WannaCry WannaBe targeting Android smartphones https://blog.avast.com/wannacry-wannabe-targeting-android-smartphones

  35. Reply

    Healthcare the Top-Targeted Vertical for Cybercrime Cyber-attack rates are up by more than 200%, but not all targets are equally affected. When it comes to which verticals are most in the crosshairs of cyber-criminals, healthcare feels the brunt, on average. https://www.infosecurity-magazine.com/news/healthcare-the-toptargeted-vertical/
