At least 74 countries affected in 'biggest ever' cyber attack

Claudine Rigal
May 15, 2017

Bloomberg Businessweek wrote in 2015 about a spate of malware infections at hospitals where radiological machines, blood-gas analyzers and other devices were compromised and used to siphon off the personal data of patients. The attack froze computers at hospitals across the country, with some canceling all routine procedures.

Windows 10 users are unaffected by the attack, and numerous affected operating systems are no longer supported.

By then, the "ransomware" attack had hobbled Britain's hospital network and computer systems in several countries, in an effort to extort money from computer users. And the United Kingdom government called an emergency meeting over the crisis.

It's frustrating that attacks like this continue to victimize unprepared systems, said Ron Culler, CTO of managed security services provider Secure Designs Inc.

He began analyzing a sample of the malicious software and noticed its code included a hidden web address that wasn't registered.

"I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental", @MalwareTechBlog tweeted.

Darien Huss, a 28-year-old research engineer who assisted the anonymous British researcher lauded as a hero, said he was "still anxious for what's to come in the next few days because it really would not be so hard for the actors behind this to re-release their code without a kill switch or with a better kill switch". Huss took a screenshot of his discovery and shared it on Twitter.

Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.

It was not yet known who perpetrated Friday's attacks.

Two security firms - Kaspersky Lab and Avast - said they had identified the malicious software behind the attack in upward of 70 countries, although both said the attack has hit the Russian Federation hardest.

"Without further technical investigation - it's impossible to say who is behind the attack, but it can be virtually anyone - from a small group of Black Hats seeking profit, to a state-sponsored hacking group", the statement continued.

Health-care organizations are notoriously slow to apply security fixes, in part because of the disruption caused by taking critical systems offline.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

A malware tracking map showed "WannaCry" infections were widespread.

Hospitals across Britain found themselves without access to their computers or phone systems.

But while FedEx Corp. reported that its Windows computers were "experiencing interference" from malware - it wouldn't say if it had been hit by the ransomware - other impacts in the USA were not readily apparent on Saturday.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March, but Microsoft didn't make freely available the patch for Windows XP and other older systems. Home Secretary Amber Rudd said all but six of the NHS trusts were back to normal Saturday.

All this may be just a taste of what's coming, another cyber security expert warned.

Cybersecurity firm Avast said it has tracked more than 75,000 attacks in 99 countries. "Most folks that have paid up appear to have paid the initial $300 in the first few hours".

The attacks came overnight in the form of ransomware, a technique used by hackers that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

A spokesman for the European Union's police agency, Europol, says Britain and Spain have asked for its support as they investigate the ransomware cyberattacks in those countries.

Forcepoint said in a statement that the attack had "global scope", affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.

The MalwareTech researcher agreed that the threat hasn't disappeared.

It turned out that the ransomware code was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful, the malware exits".

But the kill switch couldn't help those already infected. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.
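The kill-switch behaviour described above also gives defenders a triage signal: any host that tried to reach the domain has run the malware, and the outcome of that attempt indicates which path the code took. The following Python is an added example, not code from the article or from the researchers it quotes; the domain is a placeholder (the article does not give the real one), and the egress log format and verdict labels are constructed for illustration.

```python
from collections import defaultdict

# Placeholder: the article does not name the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch.example.invalid"

# Constructed egress log: timestamp, client IP, destination host, outcome.
SAMPLE_LOG = """\
2017-05-12T09:14:03Z 10.0.4.17 killswitch.example.invalid FAILED
2017-05-12T09:14:09Z 10.0.4.22 updates.example.com CONNECTED
2017-05-12T16:02:41Z 10.0.4.31 killswitch.example.invalid CONNECTED
2017-05-12T16:05:10Z 10.0.4.17 KillSwitch.example.invalid. CONNECTED
2017-05-12T16:07:55Z 10.0.9.8 killswitch.example.invalid BLOCKED
malformed line without enough fields
"""

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that contacted the kill-switch domain to a verdict.

    'ransom-path': at least one attempt did not connect, so per the
                   described logic that run went on to ransom the system.
    'exited':      every attempt connected, so the malware exited, but the
                   host still executed it and needs cleanup and patching.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the constructed format
        _timestamp, client, host, outcome = parts
        # Host names are case-insensitive and may carry a trailing dot.
        if host.lower().rstrip(".") != domain:
            continue
        attempts[client].append(outcome.upper())

    verdicts = {}
    for client, outcomes in attempts.items():
        # Anything other than a completed connection (including a proxy or
        # firewall block) counts as "not successful" for the kill switch.
        if any(o != "CONNECTED" for o in outcomes):
            verdicts[client] = "ransom-path"
        else:
            verdicts[client] = "exited"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(client, verdict)
```

The `BLOCKED` case shows why filtering the domain at a proxy or firewall works against the defender: a blocked check is an unsuccessful connection, which is the condition under which the malware proceeds.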

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files. Shortly after that disclosure, Microsoft announced that it had already issued software "patches", or fixes, for those holes - but many users haven't yet installed the fixes or are using older versions of Windows.

AP reporter Jim Heintz contributed from Moscow.

Burnett reported from Chicago and Breed from Raleigh, North Carolina.
