Microsoft re-releases security update after cyberattacks

Claudine Rigal
Mai 15, 2017

A day after a massive ransomeware attack hit almost 100 countries, including India, terrifying details were slowly emerging on Saturday as computers from hospitals in Britain to police stations in Andhra Pradesh were hacked into, keeping cyber security experts on tenterhooks.

Organizations around the world were digging out this weekend from what experts are calling one of the biggest cyberattacks ever.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Also badly hit was Britain's National Health Service, which declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations. Russian Federation appeared to be the hardest hit, according to security experts, with the country's Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries.

The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

A screenshot of an apparent ransom message, sent to a hospital, showed a demand for $300 in bitcoin for files that had been encrypted to be decrypted. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

Security firm Malwarebytes and Cisco's Talos security group reported the same findings and said new ransomware infections appear to have slowed since the kill switch was activated. It said 16 NHS organizations had reported being hit. It was leaked previous year by a group called the Shadow Brokers, and Microsoft issued a patch to fix the vulnerability.

The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. "They said the system was down and that they can not transfer anyone till the computer system was back up", Brennan said.

It said its hospitals had shut down all computer systems as a protective measure and canceled all non-urgent activity.

However, Malwarebytes researcher Jerome Segura said it's too early to tell whether the kill switch will stop the Wana Decryptor attack for good.

The result has been a wave of canceled appointments and general disarray, as many hospitals are left unable to access basic medical records.

Forcepoint Security Labs said in a statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.

British Prime Minister Theresa May said there was no evidence patient data had been compromised and added that the attack had not specifically targeted the National Health Service.

Citing a written statement by BTK, Turkey's official Anadolu news agency said the cyberattack affected 74 countries, "including Turkey in a small way".

The head of Turkey's Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack.

Telecommunications company Telefonica was among many targets in Spain.

The cyber-extortion attack known as WannaCry spread quickly around the world due to some unusual factors coming together.

In the United Kingdom, hospitals in London, northwest England and other parts of the country reported problems and asked patients not to come to the hospitals unless it was an emergency.

He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed, "IT budgets are often one of the first ones to be reduced".

"Today, it happened to 10,000 computers", Eisen said. "I did not expect an attack on this scale".

D'autres rapports CampDesrEcrues

Discuter de cet article

SUIVRE NOTRE JOURNAL