wnol.info May 30 2017


Cyber attack hits 200000 in at least 150 countries -Europol

May 30 2017, 07:23 | Rex Rios

But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs.

Microsoft on Sunday said a software vulnerability stolen from the U.S. National Security Agency has affected customers around the world, and described the spread of the WannaCrypt ransomware on Friday in many countries as yet another example of the problems caused by the stockpiling of vulnerabilities by governments.

Experts said it appeared that the ransomware had made just over $32,000, although they expected that number to pop when people went back into the office Monday.

Victims are then asked to pay a ransom to unscramble their files. Cyber criminals targeted users in 150 nations, including the U.S., Russia, Brazil, Spain, and India, along with major government agencies, such as the U.K.'s National Health Service and Germany's national railway. Copycat attacks could follow.

Security experts have warned that another attack is imminent and could be unstoppable.

Among those affected by the virus was Nissan, but the vehicle manufacturer said there had been no major impact.

Europol director Rob Wainwright said the attack was indiscriminate across the private and public sectors.

"The numbers are going up".

The hackers behind WannaCry took things a step further by creating a ransomware worm, allowing them to demand ransom payments not just from individual but from entire organizations - maybe even thousands of organizations.

Microsoft issued a "highly unusual" security patch for the out-of-support Windows XP, Windows 8, and Windows Server 2003 operating systems over the weekend to fix the holes in SMBv1.

The patches won't do any good for machines that have already been hit.

"I feel quite sorry for them - they are faced maybe not with the best systems".

Britain's National Cyber Security Center said it could have been much worse if not for a 22-year-old Britain-based cybersecurity researcher.

"The recent attack is at an unprecedented level and will require a complex worldwide investigation to identify the culprits", it said in a statement.

The identity of the hacker who perpetrated the wave of attacks remains unknown. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed.

High-profile victims include hospitals in Britain, the Spanish telecoms firm Telefonica, French carmaker Renault, US package delivery firm FedEx, Russia's interior ministry and German rail operator Deutsche Bahn.

A number of hospitals in England and Scotland were forced to cancel procedures after dozens of NHS systems were brought down, with doctors reporting how their computers were locked "one by one" as the attack spread over the weekend.

And that's for a simple reason: Individuals and organizations alike are fundamentally awful about keeping their computers up-to-date with security fixes.

Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe. Organizations had two months to update their Microsoft products, which would have protected their systems.

'We're not talking about a government organisation or a hospital or anything like that.

Meanwhile health authorities are racing to upgrade security software amid fears hackers could exploit the same vulnerability with a new virus.

When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.

For now, the ransomware outbreak has been somewhat contained thanks to a United Kingdom researcher who managed to accidentally shut the operation down by simply registering a domain. Lieu said it is "deeply disturbing" the NSA likely wrote the original malware used to ransom computers.



Other news