Manhunt for hackers behind global cyberattack

Xavier Trudeau
Mai 15, 2017

A top mobile operator said Friday that it had been hit by cyperattacks similar to those that crippled some United Kingdom hospitals.

"The numbers are going up, I am anxious about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning", Europol Director Rob Wainwright said. "The latest count is over 200,000 victims in at least 150 countries and those victims many of those will be businesses including large corporations", Wainwright told ITV news channel.

"At the moment, we are in the face of an escalating threat".

The threat from the cyber attack that crippled global services "will continue to grow" as people return to work on Monday, the head of Europol warned.

The government recommends reporting ransomware immediately to the Federal Bureau of Investigation or the U.S. Secret Service, and advises against paying ransoms, saying that payment is no guarantee of recovering data, and that it only encourages further attacks.

New versions of the worm are expected, they said, and the extent of the damage from Friday's attack remains unclear.

Hospitals, major companies and government offices were among those that were badly affected.

Jan Op Gen Oorth, spokesman for the Netherlands-based Europol, said the number of individuals who have fallen victim to the cyberextortion attack could be much higher. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

Cyber security research experts warned against giving in to criminal syndicates in order to have data unlocked.

"It was a promise over the parliament, over the five years, we are only two years into the old parliament and I can assure you that we are spending a lot of money on recruiting but also on giving the armed forces the equipment they need".

Meanwhile, a global manhunt is on for the perpetrators of the attack that is being described as the biggest-ever cyber ransom attack.

How did the attack occur?

Any halting of the initial spread, however, does not help with computers already infected.

USA software firm Symantec said the majority of organizations affected were in Europe.

Britain's National Cyber Security Center and others were hailing the cybersecurity researcher, a 22-year-old identified online only as MalwareTech, who - unintentionally at first - discovered a so-called "kill switch" that halted the unprecedented outbreak.

Soon he and MalwareTech were communicating about what they'd found: That registering the domain name and redirecting the attacks to MalwareTech's server had activated the kill switch, halting the ransomware's infections.

"One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it's incredibly importiant [sic] that any unpatched systems are patched as quickly as possible".

In an open letter to health secretary Jeremy Hunt on Saturday, he wrote: "I urge you to publicly outline the immediate steps you'll be taking to significantly improve cybersecurity in our NHS".

The assault, which began Friday and was being described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world - from Russian banks and British hospitals to FedEx and European auto factories.

Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off.

The malware responsible Wanna Decryptor, which exploits a vulnerability in Microsoft Windows, and was originally developed by the US National Security Agency, and then leaked onto the web by hackers.

D'autres rapports CampDesrEcrues

Discuter de cet article