An alert researcher, cooperation helped stem cyberattack

Joan Terry
May 17, 2017

The malicious software was identified in more than 70 experts, though Russian Federation was hit the hardest.

In a story May 14 about the global "ransomware" cyberattack, The Associated Press reported erroneously that the researcher known as MalwareTech had redirected the attacks to his server.

The attack froze computers at hospitals across the country, with some canceling all routine procedures. The more potential sources of the malicious code, the harder it is for investigators to run down the trail of possible perpetrators. A fellow researcher called Kafeine soon gave him a sample of the malicious software.

The duo's actions may have saved companies and governments millions of dollars and slowed the outbreak before more USA computers were affected.

A 22-year-old British researcher unintentionally found the so-called "kill switch" that authors of the malicious software left in the code. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself".

While WannaCry infected targets in at least 150 countries, the United Kingdom was particularly hard hit. But this is something we haven't seen before.

"I think we're definitely going to be hearing about this for at least the coming week, but I don't think this is the new norm, I think it's a pretty unusual event".

Teams of technicians worked around the clock Saturday to restore Britain's crippled hospital network and secure the computers that run factories, banks, government agencies and transport systems in other nations after a global cyberattack.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA. So the true effect of the attack is expected to emerge today as employees return and log in.

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher. "The bad guys are always one step ahead". He said it was too early to say who was behind the onslaught and what their motivation was, aside from the obvious demand for money. If it can't connect, "it ransoms the system", MalwareTech explains. The URL might have been a command and control server or an intentional kill switch.

"Right now, just about every [information technology] department has been working all weekend rolling this out", Dan Wire, spokesman at FireEye Security, said.

Disable SMBv1: NCSC says that "if it is not possible to apply [either] patch, disable SMBv1", and refers to guidance from Microsoft for doing so.
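As an added illustration of that mitigation (this is not code from the article, NCSC or Microsoft), the following elevated PowerShell session audits a single Windows host for SMBv1 and then turns it off on both the server and client side. Which cmdlets exist depends on the Windows version, as noted in the comments; the registry and sc.exe fallbacks follow Microsoft's published method for older builds, and a reboot is needed before the change fully takes effect.

```powershell
# Added example: audit and disable SMBv1 on one Windows host. Run from an elevated prompt.
# Assumption: Get-/Set-SmbServerConfiguration exist on Windows 8 / Server 2012 and later;
# the SMB1Protocol optional feature exists on client builds and Server 2016 and later.
# Older builds fall back to the registry value and service settings Microsoft documents.

function Get-Smb1Status {
    # Report the server-side switch and, where the optional feature exists, its install state.
    $serverEnabled = 'Unknown'
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        # Missing value means the default, which is enabled on these older builds.
        $serverEnabled = ($null -eq $val) -or ($val -ne 0)
    }
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerSmb1Enabled = $serverEnabled
        FeatureState      = if ($feature) { $feature.State } else { 'NotApplicable' }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not $PSCmdlet.ShouldProcess('localhost', 'Disable SMBv1 server and client')) { return }

    # Server side: stop offering SMB1 to inbound connections (the exposure the worm abused).
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWORD -Value 0 -Force
    }

    # Where the optional feature exists, remove the SMB1 components entirely.
    if (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Client side: drop the SMB1 redirector from the workstation dependency chain and disable it,
    # so this host also stops speaking SMB1 outbound.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null

    Write-Warning 'SMBv1 disabled; restart the host for all changes to take effect.'
}

# Usage: record the state before and after so the change is evidenced for the IT ticket.
Get-Smb1Status
Disable-Smb1
Get-Smb1Status
```

Run `Disable-Smb1 -WhatIf` first to see what would change on a given host; because the function supports ShouldProcess, nothing is modified in that mode. Disabling SMBv1 is a mitigation for the worm's spreading path, not a substitute for the patch itself.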

Computers in A&E wards, GP surgeries and other vital services were thought to have been infected with the virus. The patch lists can be ginormous. "So they no longer get the security updates they should be".

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet. "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world", he said.

While the scale of the attack shows Microsoft needs to strengthen its own capabilities, "there is simply no way for customers to protect themselves against threats unless they update their system", Smith said in his blog post. The situation is so concerning that White House officials told CBS News that President Donald Trump ordered emergency meetings Friday and Saturday to address the global cyber attacks.

The effects were felt across the globe, with Britain's National Health Service, Russia's Interior Ministry and companies including Spain's Telefonica, FedEx in the USA and French carmaker Renault all reporting disruptions.

A government regulator warned the NHS last July that updating antiquated hardware and software was "a matter of urgency", and noted that one hospital had already had to pay about $900,000 to fix a breach that began after an employee clicked on a web link in an unsafe email.
