Jeepers

Cyber Attack

11 posts in this topic

It's really scary (to me) that hospitals and health care clinics were affected.

 

More disruptions feared from cyber attack; Microsoft slams government secrecy

May 14th 2017 7:04PM

 

WASHINGTON/FRANKFURT, May 14 (Reuters) - U.S. and European officials scrambled to catch the culprits behind a massive ransomware worm that caused damage across the globe over the weekend, stopping car factories, hospitals, shops and schools, as Microsoft pinned blame on governments for not disclosing more software vulnerabilities.

 

The attack, which leveraged malicious software that security researchers widely believe was stolen from the U.S. National Security Agency, is the latest example of why the stockpiling of vulnerabilities by governments is such a problem, Microsoft President and Chief Legal Officer Brad Smith said in a blog post.

 

"The governments of the world should treat this attack as a wake-up call," Smith wrote. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

 

Cyber security experts said the spread of the virus dubbed WannaCry - "ransomware," which locked up more than 200,000 computers in more than 150 countries - had slowed but that the respite might only be brief amid fears it could cause new havoc on Monday when employees return to work.

 

New versions of the worm are expected, they said, and the extent - and economic cost - of the damage from Friday's attack were unclear.

 

"It's going to be big, but it's too early to say how much it's going to cost because we still don't know the magnitude of the attacks," said Mark Weatherford, a security executive whose previous jobs included a senior cyber post with the U.S. Department of Homeland Security.

 

The investigations into the attack were in the early stages, and attribution for cyber attacks is notoriously difficult.

 

U.S. President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an "emergency meeting" to assess the threat posed by the global attack, a senior administration official told Reuters.

 

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the National Security Agency were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

 

The NSA is widely believed to have developed the hacking tool that was leaked online in April and used as a catalyst for the ransomware attack.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

 

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

 

Marin Ivezic, cyber security partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates, or patches, or restore systems from backups.

 

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

 

Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet in March by a hacking group known as the Shadow Brokers. The group said it was stolen from a repository of NSA hacking tools. The agency has not responded to requests for comment.

 

Hong Kong-based Ivezic said that the ransomware was forcing some more "mature" clients affected by the worm to abandon their usual cautious testing of patches "to do unscheduled downtime and urgent patching, which is causing some inconvenience." He declined to identify clients that had been affected.

 

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

 

"At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning," Europol Director Rob Wainwright told Britain's ITV.

 

MONDAY MORNING RUSH?

Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.

 

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

 

Targets both large and small have been hit. Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

 

Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England.

 

Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.

German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.

 

In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.

 

Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

 

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

 

In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician's error had led to 12 kiosks being infected in two of the island country's malls. Director Dennis So said the systems were not connected to malls' or tenants' networks.

 

'RANSOM' PAYMENTS MAY RISE

Account addresses hard-coded into the malicious WannaCry software code appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of 1100 GMT (7 a.m. EDT) on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more to regain access to their computers, just one day before the threatened deadline expires.

 

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm's spread by registering a web address to which he noticed the malware was trying to connect.

 

Security experts said his move bought precious time for organizations seeking to block the attacks.

 

Researchers remained on high alert for new variants that could lead to a fresh wave of infections. Researchers from three security firms dismissed initial reports on Saturday that a new version of WannaCry/WannaCrypt had emerged, saying this was based on a rushed analysis of code data that proved erroneous.

 

The MalwareTech researcher warned on Twitter on Sunday: "Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP."

 

Bryce Boland, Asia Pacific chief technology officer for FireEye, a cyber security company, said it would be straightforward for existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.

 

The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report any to the Federal Bureau of Investigation or Department of Homeland Security.

 

https://www.aol.com/article/news/2017/05/14/more-disruptions-feared-from-cyber-attack-microsoft-slams-gover/22086413/

 

 

Edited by Jeepers
Added the link
1 person likes this


Has this malware/ransomware reached PERSONAL computers?  Cuz my [less than year old] Win10 computer has been acting WEIRD for 3 days.  I'm on DH's laptop now and he's working on getting WHATEVER outta mine.  Aiiiiieeeeee....  :banghead:   

 

Stay tuned for .....whatever.  It's been a baaad day today anyway.  Very frustrating and taxing day.  Poor DH went to work late and hungry.  :gaah:

 

MtRider :offtobed:

13 hours ago, Jeepers said:

 

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

 

Mt_Rider,  I am hoping this does not affect personal computers.  (I did a manual update to my virus software and am running a full scan right now.)

 

Your Win10, along with your anti-virus software, may have been working overtime to download the 'patch' to protect themselves. 

 

This article has me wondering if, my system - provider was not hit also.  Friday, the second representative mentioned once in our conversation, "...someone has hacked your modem..."  I thought he was full of it, because no one here was on the computer when it happened.

 

Also, first thing yesterday morning, my phone did a major update.  Seems to me, all the providers are trying to address this situation as quickly as they can. 


I think it mostly affected Asia and European countries. I THINK any issues we are having in this country are with companies scrambling to do updates.

 

That is just a guess though.


Was still really messed up last nite when we got home.  DH did some scans and downloaded a Malware Fighter program in the same type/company as some of our other scans, etc.  Ran most of the night.  When it was finally done, my laptop is working normally again.  ....I hope.

 

Hope you get your tech stuff all lined up and working again, Annarchy!

 

MtRider   :pc_coffee:


If you get ransomware,  which is what this virus is,  you would know. It would pop up a message telling you that you have x amount of time to send x amount of money to some account before your data is permanently deleted. 


Hmmm...that's.......spooky!  No, I guess mine was an ordinary virus, bug, malfunction, whatever.  Working ok today.

 

News said a lot of $ has been paid out globally cuz systems are vitally needed.  .....What happened to "cheaters never prosper"   :tapfoot:

 

MtRider  :pc_coffee:


Yes, I heard the infected computers were totally encrypted.


I also heard that money was paid and a lot of files were still not returned. :angry:


When we lived in Scotland, we were on national healthcare. All of their medical systems are tied together and were hit hard the other day. They couldn't even run some of the emergency rooms in England. Maybe that's one reason we shouldn't put all our eggs in one basket with our own national healthcare system. :-)

 

3 people like this


:amen: to that Homesteader!

 

MtRider 
