
Cyberattack Hits Nearly 100 Countries and Thousands of Computers

Discussion in 'World Economy' started by lca-fan, May 13, 2017.

  1. lca-fan

    lca-fan Major SENIOR MEMBER

    Joined:
    Sep 9, 2015
    Messages:
    2,306
    Likes Received:
    4,633
    Country Flag:
    India
    Cyberattack Hits Nearly 100 Countries and Thousands of Computers
    BY ERIK ORTIZ AND PHIL MCCAUSLAND

    A large-scale cyberattack affected nearly one hundred countries and held tens of thousands of computers ransom throughout the day on Friday.

    Antivirus provider Avast reported that at least 75,000 computers had been infected by the crippling malware and that the "WanaCrypt0r 2.0," as it is called, ransomware had been detected in 99 countries.

    More than a dozen hospitals in England and major companies, including FedEx and Spain's largest telecom, were targeted Friday.


    U.S. companies were being warned to gird against the threat, which reportedly blocked access to computers in exchange for a ransom.

    At least 16 National Health Service hospitals and related organizations were affected in England and another five in Scotland, officials said in a statement.

    British Prime Minister Theresa May said the government's cyber security arm was working with the NHS, and confirmed that "no patient data has been compromised."

    The extent of the attack globally and the author of the malicious software — known as the Wanna Decryptor, or WannaCry — were unclear, but cyber security experts said they were surprised at its apparent reach.

    "The scale of it — that's pretty unprecedented," Ben Rapp, the CEO of IT support company Managed Networks, told NBC News' British partner ITV News. "There's been a lot of ransomware in hospitals, but to see 16 hospitals, last time I looked, and reports of other people — this is probably the biggest ransomware attack we've seen."

    In a statement to NBC News, FedEx said that "like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible."

    The Memphis, Tennessee-based global delivery company did not immediately say whether a ransom was demanded for return of their computers' functions.

    The U.S. Department of Homeland Security said Microsoft released a patch to address the vulnerability in March and urged users to install it.

    Some English hospitals tweeted that they were taking precautionary measures to protect patients, while doctors' offices tweeted problems obtaining patients' files because of the attack.

    The NHS blamed the Wanna Decryptor for infecting computers — an encryption-based ransomware that locks a system and its files from use unless money is paid to hackers for access. It's typically spread through email phishing programs and affects computers using Windows operating systems.


    The program is especially nasty because it acts like a worm — finding security holes in a computer to spread throughout a network.

    It could take days before a company cleans up its system and is fully functioning again, security experts say.

    But sometimes, hackers hit the jackpot: Last year, Hollywood Presbyterian Medical Center forked over $17,000 after suffering a ransomware attack.

    The IT systems of NHS sites were reportedly bombarded by pop-up messages Friday demanding such a ransom, and purported screenshots showed the cyber attacker asking for "$300 worth of bitcoin" — a form of digital currency — to be sent to a certain online address.

    "It's a small ransom," said Gene Spafford, founder and executive director emeritus of Purdue University's Center for Education and Research in Information Assurance and Security. "But if you set the price too high then many of their victims won't pay."

    Spafford said ransomware typically targets those without strong security in place, such as home users and small companies.

    Hospitals and larger companies might be susceptible, he added, if they're slow to fully upgrade their networks or use pirated programs.

    This particular ransomware is "using this flaw in the file-sharing that is giving it apparently a real boost," Spafford said.

    He added that companies are at the mercy of the hackers, who could decide if their ransomware becomes too big they might decide "not to cash out because they're worried about being traced" and tipping off authorities about their whereabouts.


    Spanish telecom giant Telefonica confirmed in a statement that a "cybersecurity incident" occurred Friday that affected the computers at its Madrid headquarters.

    A Telefonica spokesman told Reuters that a window appeared on its computers also demanding a bitcoin payment in order to regain control.


    Spain's National Cryptology Center said that an attack had been launched "against various organizations" in the country through their Windows systems, and other companies were taking preventative measures.

    It wasn't just companies affected by this particular ransomware.

    The mayor of the small community of Timra, Sweden — population 10,000 — told Reuters it has "around 70 computers that have had a dangerous code installed."

    Josh Feinblum, vice president of information security at the cybersecurity company Rapid7, said companies should back up data and ensure their systems are as up to date as possible. He said the speed at which the ransomware spread is unusual.

    "I think what was unique about this ransomware is that it essentially used a security flaw in a very common set of software that allowed it to self-replicate across the facilities and environments that it was in," Feinblum said.

    "And that's not very typical in the ransomware world and that's something that we haven't really seen at scale in a long time," he said.
    https://www.google.co.in/amp/www.nb...lish-hospitals-hackers-demand-bitcoin-n758516
     
    Levina and Hellfire like this.
  2. lca-fan

    lca-fan Major SENIOR MEMBER

    Joined:
    Sep 9, 2015
    Messages:
    2,306
    Likes Received:
    4,633
    Country Flag:
    India
    Hackers exploit stolen US spy agency tool to launch global cyber-attack
    Reuters | Updated: May 13, 2017, 08.09 AM IST
    [Image: A woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network, in London on May 12, 2017. (AFP Photo)]
    HIGHLIGHTS

    • Attack leverages tools developed by US NSA, say researchers
    • UK hospitals, surgeries, ambulance service disrupted
    • Spanish firms targeted, but impact limited
    • Microsoft working on detection, protection
    LONDON/MADRID: A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the US National Security Agency hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries on Friday.

    Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.



    The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.




    Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

    The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.



    International shipper FedEx Corp said some of its Windows computers were also infected. "We are implementing remediation steps as quickly as possible," it said in a statement.

    Still, only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

    By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

    The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

    Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

    Private security firms identified the ransomware as a new variant of "WannaCry" that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.

    "Once it gets in and starts moving across the infrastructure, there is no way to stop it," said Adam Meyers, a researcher with cyber security firm CrowdStrike.

    The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a "worm," or self spreading malware, by exploiting a piece of NSA code known as "Eternal Blue" that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

    "This is one of the largest global ransomware attacks the cyber community has ever seen," said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

    The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.

    Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

    "Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt," Microsoft said in a statement. It said the company was working with its customers to provide additional assistance.

    SENSITIVE TIMING

    The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

    On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.

    Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

    Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year's US election and on the eve of this month's presidential vote in France.

    But those attacks - blamed on Russia, which has repeatedly denied them - followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

    On Friday, Russia's interior and emergencies ministries, as well as the country's biggest bank, Sberbank, said they were targeted. The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

    The emergencies ministry told Russian news agencies it had repelled the cyberattacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

    NEW BREED OF RANSOMWARE

    Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

    "Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations," Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

    The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

    "Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks," Camacho said.

    In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain's National Cryptology Centre of "a massive ransomware attack."

    Iberdrola and Gas Natural, along with Vodafone's unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

    In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement.

    https://www.google.co.in/amp/m.time...obal-cyberattack/amp_articleshow/58652918.cms

    @Levina @Abingdonboy @nair @MilSpec @Gessler @Robinhood Pandey @randomradio @vstol jockey @Hellfire @NS52 @BlackOpsIndia @Rain Man @Grevion @Nilgiri @GSLV Mk III @SrNair @dadeechi @Ankit Kumar 001 @kaku1 @Golden_Rule @IndiranChandiran @Lion of Rajputana @thesolar65 @Sathya @Butter Chicken @AbRaj @Agent_47 @bharathp @Aqwoyk @GuardianRED @PeegooFeng41 @Indx TechStyle @Ved Mishra @ni8mare @A_poster @Kalmuahlaunda @zebra7 @Marqueur @PARIKRAMA
     
    Hellfire, Grevion and SrNair like this.
  3. Nilgiri

    Nilgiri Lieutenant GEO STRATEGIC ANALYST

    Joined:
    Oct 16, 2016
    Messages:
    624
    Likes Received:
    1,557
    Country Flag:
    India
    Well, thankfully I did the Windows security updates right as they came up.
     
    Hellfire likes this.
  4. Fox

    Fox Supreme Overlord FULL MEMBER

    Joined:
    Apr 26, 2017
    Messages:
    314
    Likes Received:
    919
    Country Flag:
    Norway
    The vulnerability was patched prior to the spread of the infection. Always, always update your system!! Yes, sometimes the update can cause stability problems, like the early release of the Windows 10 Creator update, but they introduce vital patches and security fixes and honestly, 90% of security problems fall into two categories:

    1. Phishing and people not verifying the source of a communique before opening or signing into it.
    2. People not updating their system and letting vulnerabilities go un-patched before it's too late.

    Update people! Not updating is how this infection spread:hitwall:!!
     
    Nilgiri and Hellfire like this.
  5. Blue Marlin

    Blue Marlin 2nd Lieutant FULL MEMBER

    Joined:
    Mar 28, 2016
    Messages:
    361
    Likes Received:
    222
    Country Flag:
    United Kingdom
    There was no patch; the Wanna Cry 2.0 ransomware software, which is what did the damage, had no patch to fix it. No 15-year-old kid made this, as it brought down NHS services in the UK and services across 50+ countries; this was the work of a foreign government, intentional or not.
    Mind you, NHS machines still use Windows XP as its preferred, with policies in place where staff only use work emails and those emails are strictly used within the NHS only. Also, foreign USBs are prohibited. The ransomware got through the firewall or through an existing unguarded open port undetected. Also, the timing suggests it was a logically activated malware causing maximum damage.
     
    Hellfire likes this.
  6. Fox

    Fox Supreme Overlord FULL MEMBER

    Joined:
    Apr 26, 2017
    Messages:
    314
    Likes Received:
    919
    Country Flag:
    Norway
    It was patched. It was patched before the infection started:

    http://gizmodo.com/theres-a-massive-ransomware-attack-spreading-globally-r-1795168952

    In this case, Microsoft actually released a software update to fix the problem a month before the Shadow Brokers leaked it, so users who applied security patches regularly weren’t put in danger. The problem is that Windows users — and their IT professionals — don’t always apply security upgrades promptly. So many computers were still vulnerable two months after Microsoft released its upgrade.


    https://www.vox.com/new-money/2017/5/12/15632482/ransomware-explained
     
    Hellfire and Bregs like this.
  7. Hellfire

    Hellfire Devil's Advocate Staff Member MODERATOR

    Joined:
    Apr 16, 2017
    Messages:
    1,845
    Likes Received:
    4,480
    Country Flag:
    India
    I am updated always :)
     
  8. Blue Marlin

    Blue Marlin 2nd Lieutant FULL MEMBER

    Joined:
    Mar 28, 2016
    Messages:
    361
    Likes Received:
    222
    Country Flag:
    United Kingdom
    Like I said, the NHS uses Windows XP, where you can control whether you get updates or not; even with Windows 7/8/8.1 the same applies.
    Also, there's no mention of the WannaCry patch in relation to the recent Windows update.
     
  9. zebra7

    zebra7 Captain FULL MEMBER

    Joined:
    Nov 3, 2016
    Messages:
    1,176
    Likes Received:
    1,199
    Country Flag:
    India

    I have seen one such ransomware attack, which was from some hacker group of Russian origin. All the files (Word, Excel, pictures, and especially document files) were zipped with a strong encryption code password, and a text file was copied into every folder asking for money in Bitcoin to remove the encryption. One of my clients had Server 2012, which I had set up, and called me. It took me a whole day to rectify it and retain the files. An attack like this just involves malware, which can be spread easily; it's a headache and can bring a whole company to a standstill, as nowadays we are all getting too dependent on technology.
    Luckily for me, I had one picture in my mail from that main server, which could be compared with the encrypted picture file to find out the encryption password.
     
  10. zebra7

    zebra7 Captain FULL MEMBER

    Joined:
    Nov 3, 2016
    Messages:
    1,176
    Likes Received:
    1,199
    Country Flag:
    India
    In reality, Microsoft will always be one step behind, and can only release a patch after an attack. They have to make some fundamental changes, which they will not.

    1. They have to stop supporting the older OS and file formats.
    2. Think of an alternative to autorun.inf.
    3. Review or disband their own VBScript and ActiveX in favour of open-source JavaScript.
     
    Last edited: May 14, 2017
  11. Blue Marlin

    Blue Marlin 2nd Lieutant FULL MEMBER

    Joined:
    Mar 28, 2016
    Messages:
    361
    Likes Received:
    222
    Country Flag:
    United Kingdom
    They stopped supporting Windows XP not too long ago, last April I believe. They intend to stop supporting Windows 7 in 2020.
    Do note that a huge number of people still use them, and halting support will come with consequences.
     
  12. zebra7

    zebra7 Captain FULL MEMBER

    Joined:
    Nov 3, 2016
    Messages:
    1,176
    Likes Received:
    1,199
    Country Flag:
    India
    What I was saying is that Microsoft is still supporting older and vulnerable file formats such as FAT, and, to support older programs and utilities such as MS-DOS programs, which are not multitasking or multiuser, it is only supplying patches for them instead of replacing them with new and better ones, and there lies the problem, which leaves various gaps and vulnerabilities.
     
