Massive ransomware attack hits 99 countries

Posted May 17, 2017

"The ransomware called WannaCrypt or WannaCry encrypts the computer's hard disk drive and then spreads laterally between computers on the same LAN".

"This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it's something every top executive should support", he said.

Tom Griffiths, who was at Bart's Hospital in London for chemotherapy treatment, said a nurse showed him her computer screen, which carried an image of a padlock. So far, he said, not many people have paid the ransom demanded by the malware. The effects were felt across the globe, with Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the USA and French carmaker Renault all reporting disruptions.

Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations. With ransomware, criminals typically trick individuals into opening an email attachment containing malicious software. Two security firms - Kaspersky Lab and Avast - said they had identified the malware behind the attack in upward of 70 countries, although both said the attack has hit the Russian Federation hardest. Nonetheless, the experts say such widespread attacks are tough to pull off.

In March, Microsoft released a security patch for Windows 10 and Windows 7 users that addresses the vulnerability that WannaCry is exploiting.

Darien Huss, a senior security research engineer at Proofpoint, warned that "a new attack" was a major concern following the first cyber assault.

"It's one of the most significant cyberattacks that we've seen", Wainwright said. Two security firms - Kaspersky Lab and Avast - said they identified the malicious software in more than 70 countries.

Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003. Normally, such patches are reserved for organizations willing to pay for extended support.

Consumers who have up-to-date software are protected from this ransomware. If we identify more opportunities to take action, we will do so.

Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don't install security upgrades because they're anxious about triggering bugs, or they can't afford the downtime.

To ensure you remain protected, make sure your operating system is updated to the latest version.

But he also placed fault in national governments.

A 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware's code. That low-priced move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.

Andreaz Stromgren, head of the municipality's administrative offices, estimated that as many as 100 could have been infected before they stopped it from spreading. "The cat-and-mouse will likely continue until [someone] makes a larger change to the malware, removing the kill-switch functionality completely".

Besides installing these out-of-band updates - available for download from here - Microsoft also advises companies and users to disable the SMBv1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3.

Officials made no public comment on the possible source of the hack, which touched off havoc and confusion across the state-run health system. The NSA tools were stolen by hackers and dumped on the internet. British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack.

Spanish firm Telefonica, French automaker Renault, the USA-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.

They exploited a perfect storm of factors — the Windows hole, the ability to get ransom paid in digital currency, poor security practices — but it's unclear if the payoff, at least so far, was worth the trouble. He said most people "are living an online life", and these agencies have a duty to protect their countries' citizens in that realm as well. "It's a handy thing to have, but it's an unsafe thing to have". Our key direction to you is to remember that we are in this with our customers - we are trusted advisors, counselors, and suppliers to them. "And that's what's happening right now".