Microsoft to make security fixes available for older Windows systems
Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries, making it one of the broadest and most damaging cyberattacks in history.
Affected by the onslaught were computer networks at hospitals in Britain, Russia’s interior ministry, the Spanish telecom giant Telefonica, the U.S. delivery firm FedEx and many other organisations.
NHS Digital, which oversees United Kingdom hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.
Computers were infected with what is known as “ransomware” – software that freezes up a machine and flashes a message demanding payment to release the user’s data. After that, the price would be doubled.
There were no details on which companies were targeted or the origin of the attack.
The malware spreads by taking advantage of a Windows vulnerability for which Microsoft released a security patch in March.
Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said.
Pyotr Lidov, a spokesman for Megafon, said Friday’s attacks froze computers in the company’s offices across the Russian Federation.
The breadth of the attack seems to indicate that the software had been spreading around the globe possibly for weeks but lay dormant when first introduced into a network, said Sean Dillon, a senior security analyst with RiskSense Inc. It appears that the spread of the infections has now slowed down, possibly because of this kill switch now becoming active.
“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email”, said Lance Cottrell, chief scientist at the U.S. technology group Ntrepid.
The NSA was well aware for some time that its cyber weapons cache had been hacked.
Carlos Cabreiro, director of a police unit that fights cybercrime, told the newspaper Publico that the country was facing “computer attacks on a large scale against different Portuguese companies, especially communication operators”.
The country’s central bank said the banking system was hit, and the railway system also reported attempted breaches.
“Our analysis indicates the attack, dubbed ‘WannaCry’, is initiated through an SMBv2 remote code execution in Microsoft Windows”. “The English is very good, but there are a couple of quirks that would lead me to believe it wasn’t written by a native English speaker”, he said.
Megafon, a Russian telecommunications company, was also hit by the attack.
It’s possible that the malware writers will have screwed up and put the decryption key in the code itself – such slip-ups have happened in the past.
It’s moving so quickly in part because of the exploit it’s based on and a so-called “spreader” element it contains that allows it to spread quickly.
A malicious programme, known as ransomware, has been used to carry out a massive cyber attack, infecting computers in almost 100 countries.
Leading worldwide shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails. “Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak”, the post adds.
Services in London, the central city of Nottingham, and the counties of Hertfordshire and Cumbria were affected, according to the BBC.
The attack gained media attention largely after it impacted National Health Service operations in England.
British media had reported a year ago that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.
The attack is likely to prompt more organizations to apply the security fixes that would prevent the malware from spreading automatically. It said it was working to resolve the problem. Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.
It said its hospitals had shut down all computer systems as a protective measure and canceled all non-urgent activity. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.
Doctors were using pen and paper as the National Health Service struggled to get computers back online.
In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access. Global agencies have been slanting the news about WannaCry to suggest that users are at fault, as they do not upgrade their system software regularly.