Massive Ransom Attack Hits 99 Countries

Uploaded on 2017-05-13 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, GOVERNMENT-National, FREE TO VIEW

A massive cyber attack using tools believed to have been stolen from the US National Security Agency (NSA) has struck organisations around the world.

Cyber-security firm Avast said it had seen 75,000 cases of the ransomware, known as WannaCry and variants of that name. There are reports of infections in 99 countries, including Russia and China.

Among the worst hit was the National Health Service (NHS) in England and Scotland. About 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled.

The malware spread quickly on last Friday 12th May, with medical staff in the UK reportedly seeing computers go down "one by one". Throughout the day other, mainly European countries, reported infections.

A number of large Spanish firms - including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural - were hit, with reports that staff at the firms were told to turn off their computers.

Portugal Telecom, delivery company FedEx, a Swedish local authority and Megafon, the second largest mobile phone network in Russia, also said they had been affected. People tweeted photos of affected computers including a local railway ticket machine in Germany and a university computer lab in Italy.

Some reports said Russia had seen more infections than any other single country. Russia's interior ministry said it had "localised the virus" following an "attack on personal computers using Windows operating system".

Some security researchers have pointed out that the infections seem to be deployed via a worm - a program that spreads by itself between computers. Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. 
This perhaps explains why its impact is so public - because large numbers of machines at each victim organisation are being compromised.

Who is behind the attack?

Some experts say the attack may have been built to exploit a weakness in Microsoft systems that was identified by the NSA and given the name EternalBlue.

The NSA tools were stolen by a group of hackers known as The Shadow Brokers, who then attempted to sell the encrypted cache in an online auction. The hackers said they had published the password as a "protest" about US President Donald Trump. Microsoft said on Friday its engineers had added detection and protection against the malware. The company was providing assistance to customers, it added.

Accidental hero temporarily halts its spread

A UK-based cyber-security researcher, tweeting as @MalwareTechBlog, said he had accidentally managed to temporarily halt the spread of the virus. He said that he noticed that the virus was searching for a web address that had not been registered. He bought the domain name for around $10 and found that by registering it, he triggered a "kill switch" that stopped the worm's spread. But, he warned it was likely to be only a temporary fix. 
"So long as the domain isn't removed, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again," he tweeted.

UK NHS bosses and the government are facing questions over why hospitals had been left vulnerable to the global cyber-attack that crippled services on Friday. The health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system.Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records. Doctors warned that the infiltration, the largest cyber-attack in NHS history, could cost lives.

Biggest Ransomware Attack in History

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history".

The NHS said there was no evidence that patients’ medical records had been accessed, but it was unable to say whether the hackers, who are threatening to delete information unless payment is received within a week, had the ability to destroy such records.

Experts at GCHQ’s national cyber security centre were helping NHS teams fight the attack. The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

The attack has been declared a major incident, and has spread to Scotland, where crisis meetings were also being held.
A computer hacking group known as Shadow Brokers was at least partly responsible. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it, possibly in retaliation for America’s attack on Syria.

BBC:          Telegraph:

You Might Also Read:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

Stolen NSA Hacking Tools For Sale In Bizarre Auction:

Leak Spotlights NSA's Conflicting Missions:

UK’s New National Cyber Security Centre:

 

« Cyber Spies Go Mainstream
Darktrace Forms Cybersecurity Partnership With Siemens »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infinigate UK

Infinigate UK

Infinigate is a value-added distributor of IT security solutions to protect and defend IT networks, servers, devices, data, applications, as well as the cloud.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.

DeepStrike

DeepStrike

DeepStrike is a cutting-edge penetration testing company that specializes in providing Penetration Testing as a Service (PTaaS) and continuous penetration testing solutions.