Trusts were told about security patch last month — NHS cyberattack

Alain Brian
Mai 17, 2017

The attack has hit more than 75,000 computers in 99 countries.

Britain's National Crime Agency, which tackles serious and organised crime, said it had not seen a second round of cyber attacks on Monday as experts had feared.

Europol estimates that the attack has hit at least 150 countries and infected 200,000 machines.

The NHS says it employs more than 1.5 million people, making it one of the world's biggest employers alongside the U.S. Department of Defence, Walmart and the Chinese army. In China, "hundreds of thousands" of computers at almost 30,000 institutions and organizations were infected by late Saturday, according to Qihoo 360, one of China's largest providers of antivirus software.

The Japan Computer Emergency Response Team Coordination Center, a nonprofit group providing support in computer attacks, said 2,000 computers at 600 locations in Japan were reported affected.

It has crippled Britain's health system - with stroke victims unable to undergo urgent surgery because their scans could not be accessed - and affected other businesses around the world.

How to prevent this attack?

In China, universities and other educational institutions were among the hardest hit, possibly because schools tend to have old computers and be slow to update operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank.

"Across the globe, events today have been at the lower end of our expectations", said Ciaran Martin, the head of the National Cyber Security Centre which is part of Britain's surveillance spy agency GCHQ.

'We're not talking about a government organisation or a hospital or anything like that. "It's like after a robber enters your home". What is new is the use of a worm to propagate through systems.

Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread.

Medical staff reported seeing computers go down "one by one" as the Wanna Decryptor ransomware, also known as WannaCry, took hold, locking machines and demanding money to release the data.

"We haven't fully dodged this bullet at all until we're patched against the vulnerability itself", Kalember said.

This particular attack used malicious emails to encrypt a computer's data and demand payment of hundreds of dollars to decode the data. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

"That's what makes this more troubling than ransomware was a week ago", Thakur said. Europol's Wainwright said few banks in Europe had been affected, having learned through the "painful experience of being the number one target of cyber crime" the value of having the latest cyber security in place. "I'm anxious about how the numbers will continue to grow when people go to work and turn on their machines on Monday", he said. Brad Smith criticized US intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem", he said.

D'autres rapports CampDesrEcrues

Discuter de cet article

SUIVRE NOTRE JOURNAL