Worldwide 'Wannacry' Cyberattack Sparks Fewer Aftershocks Than Feared

Claudine Rigal
Mai 16, 2017

The malware used a technique purportedly stolen from the U.S. National Security Agency.

The ransomware wreaked havoc last Friday and affected some bog companies worldwide including FedEx and UK's National Health Service, where operations were canceled and records became inaccessible.

The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment - $300 at first, rising to $600 before it destroys files hours later. Russian Federation and Ukraine had a heavy concentration of infections, according to Dutch security company Avast Software BV.

Microsoft Corp. President Brad Smith, in a blog post Sunday, said the attack is a "wake-up call" for governments in the USA and elsewhere to stop stockpiling tools to exploit digital vulnerabilities. "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world", he said.

Microsoft's top lawyer has called on governments around the world to treat the global cyber attack as a "wake-up call" as he laid part of the blame at the door of the USA administration.

The ransomware exploits a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems.

The WannaCrypt ransomware spread to devastating effect last week using worm -like capabilities that relied on a recently patched vulnerability in Microsoft's SMB file-sharing services (MS17-010).

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem".

Carmaker Renault said one of its French plants, which employs 3,500 people, wasn't reopening Monday as a "preventative step" while technicians deal with the aftermath of the attack.

He said few banks in Europe had been affected, having learned through the "painful experience of being the number one target of cyber crime" the value of having the latest cyber security in place.

Acute hospital sites in Lanarkshire, as well as GP surgeries, dental practices and other primary-care centres around the country, were among those hit.

In Japan, a spokesman for Hitachi said the conglomerate discovered problems on Monday morning and its computer networks were "unstable".

Russia's Interior Ministry, with oversight of the police forces, said about "1,000 computers were infected", which it described as less than 1 per cent of the total, according to its website.

But NHS Digital said it had made health trusts aware last month of IT protection that could have prevented the attack. More than 80 per cent of the stations had been reconnected to the network as of noon on May 14, the company said. Several Chinese government bodies, including police and traffic authorities, reported they had been impacted by the hack, according to posts on official microblogs. "This is probably version 2.1, and it has the potential to be much more effective-assuming security defenders haven't spent all weekend patching", he said.

The country's biggest cinema chain CJ CGV said some of its advertisement servers connected to 50 cinemas had been affected, Yonhap news agency said. Acknowledged as the first globally coordinated cyberattack, WannaCry (also known as WannaCrypt) has wrought havoc on hospitals in the United Kingdom, vehicle factories, telecom companies, mass transit systems in the European Union, and hundreds of other organizations around the planet.

"It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates", Op Gen Oorth told AFP.

Victims have been advised by security experts not to pay up. Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch.

A security researcher going by the handle malwaretechblog on Twitter registered a domain used by the malware on 13 May.

D'autres rapports CampDesrEcrues

Discuter de cet article