Hackers strike 74 countries with stolen NSA hacking tool
The note says that “you need to pay service fees for the decryption” and asks for $300 worth of bitcoin, a digital currency that is hard to track, to be sent electronically to an address.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.
Many British hospitals were forced to divert or even cancel non-emergency procedures, and officials reported email and on-screen messages demanding money in exchange for access to computer files. Once it infects one computer within a network, it can spread to all the computers in that network “within seconds”, said Israel Levy, the CEO of the cybersecurity firm Bufferzone.
In the United States, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible”.
Security officials in Britain urged organizations to protect themselves by keeping their security software fixes up to date, running anti-virus software and backing up data elsewhere.
Microsoft does not pay much attention to the security and privacy of Windows versions that have exited support.
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies but by hackers and criminals around the world”, the American Civil Liberties Union, a frequent NSA critic, said in a statement.
“Affected machines have six hours to pay up and every few hours the ransom goes up”, said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. Portugal Telecom and Telefonica Argentina both said they were also targeted.
The malware’s name is WCry, but analysts were also using variants such as WannaCry.
And all this may be just a taste of what’s coming, another cyber security expert warned.
“This is one of the largest global ransomware attacks the cyber community has ever seen”, said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.
Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code.
Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry.
“MeitY has initiated contact with relevant stakeholders in public and private sector to ‘patch’ their systems as prescribed in the advisory issued by CERT-IN”.
In a statement, a spokesman for the software giant said, “Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt”. It said the company was working with its customers to provide additional assistance.
The ransomware was initially found spreading through attachments in email phishing campaigns.
Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of this month’s presidential vote in France. The hackers then demand $300 in order to release control of the files.
Russia’s Interior Ministry says it has come under cyberattack.
Our expert systems gave us visibility and context into this new attack as it happened, allowing Windows Defender Antivirus to deliver real-time defense.
“Seeing a large telco like Telefonica get hit is going to get everybody anxious”.
He said it’s likely the ransomware will spread to US firms too.
Chris Camacho, chief strategy officer at the cybersecurity firm Flashpoint, confirmed the use of NSA tools in the “clever” attack that used encrypted emails to work around security software and gain access to networks ripe for exploitation.
EY cyber security partner Burgess Cooper said Indian hospitals could be quite vulnerable to critical infrastructure attacks as they rely on industrial systems that run on old, outdated hardware.
Along with Britain’s NHS, authorities in Spain also reported being hit by the ransomware attack. “In short, it has a lot of computers and at least some of them weren’t able to withstand an attack like this”.
In a statement Saturday, Europol’s European Cybercrime Centre, known as EC3, said the attack “is at an unprecedented level and will require a complex worldwide investigation to identify the culprits”.