Cyber attack spreads across 150 countries

Fernando Stephens
May 18, 2017

LONDON (AP) — The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was stemmed by a young British researcher and an affordable domain registration, with help from another 20-something security engineer in the U.S.

Hackers took control of computers in several NHS hospitals and GP practices on Friday and the attack hit 200,000 people worldwide, including businesses in China and Russian Federation.

Microsoft's top lawyer is laying some of the blame at the feet of the US government.

"Just patch their systems as soon as possible", MalwareTech said.

"The ransomware also spreads through malicious attachments to emails", it said.

Across an ocean, Darien Huss, a 28-year-old research engineer for the cybersecurity firm Proofpoint, was doing his own analysis. Huss took a screen shot of his discovery and shared it on Twitter.

British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack, though he said they have a duty to citizens who "are living an online life". It's not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.

Researchers from three security firms dismissed initial reports on Saturday that a new version of WannaCry/WannaCrypt had emerged, saying this was based on a rushed analysis of code data that proved erroneous. So far, he said, not many people have paid the ransom demanded by the malware. The malicious software has infected more than 75,000 computers in 99 countries worldwide on Friday, majority concentrated in Russia, Ukraine and Taiwan, according to Dutch cybersecurity company Avast Software BV.

These hackers "have caused enormous amounts of disruption— probably the biggest ransomware cyberattack in history", said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.

The warning was echoed by Britain's National Cyber Security Centre: "As a new working week begins it is likely, in the United Kingdom and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale". "We have seen vulnerabilities stored by the Central Intelligence Agency show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world".

People walk past a Megafon mobile phones shop in Moscow, Russia, Saturday, May 13, 2017. Renault's futuristic assembly line in Slovenia, where rows of robots weld vehicle bodies together, was stopped cold.

Jefferies Group LLC Reiterates Hold Rating for Groupon Inc (GRPN)
The sale was disclosed in a filing with the Securities & Exchange Commission, which can be accessed through the SEC website . The business had revenue of $673.63 million during the quarter, compared to the consensus estimate of $721.93 million.

Elsewhere in Asia, the Indonesian government urged businesses to update computer security after the malware locked patient files on computers in two hospitals in the capital, Jakarta.

This one worked because of a "perfect storm" of conditions, including a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business or government networks.

National Health Service: At least sixteen NHS organizations have been hit, according to NHS Digital. Security experts have warned that there is no guarantee that access will be granted after payment.

A major ransomware attack carried out through hacking tools allegedly developed by the US National Security Agency and leaked online in March is a wake-up call to organisations and nations on poor cyber security practices and abysmal awareness of these issues among ordinary computer and internet users. (Bitcoin in a type of digital currency widely used online.) Victims have only hours to pay the ransom, which rises to $600 before the files are destroyed.

The initial attack, known as "WannaCry", paralyzed computers running factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others.

Wainwright said the agency is analyzing the virus and has yet to identify who is responsible for the attack. "With ransomware and other destructive malware, time is of the essence".

"I think the security industry as a whole should be considered heroes", he said.

The National Cyber Security Centre (NCSC) says it continues to actively monitor the situation, and engage with Government and the private sector.

Short of paying, options for those already infected are usually limited to recovering data files from a backup, if available, or living without them.

Earlier, Health Secretary Jeremy Hunt confirmed there had not been a second wave of attacks on NHS trusts and said it was "encouraging" that the level of criminal activity was at "the lower end of the range" anticipated.

Experts urged organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by the company.

Other reports by BadHub

Discuss This Article