Results 1 to 5 of 5
Like Tree2Likes

Thread: Cyber attack spreads across 12 countries

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Senior Member JohnDoe2's Avatar
    Join Date
    Aug 2008
    Location
    PARADISE (San Diego)
    Posts
    99,040

    Cyber attack spreads across 12 countries

    Cyber attack spreads across 12 countries; some UK hospitals crippled

    Published May 12, 2017 Fox News

    File photo. (REUTERS/Kacper Pempel )


    Cyber attacks that hit 12 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.

    The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.

    TRUMP CAN WIN THE CYBER WAR (BY FOLLOWING CHURCHILL'S APPROACH)


    Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.

    The malware was sent via email with a file attached to it. From there, it subsequently spread.


    Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.


    The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.


    There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.


    NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.


    In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.


    UK HOSPITALS TURN AWAY PATIENTS AFTER RANSOMWARE ATTACK


    Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."

    Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.

    http://www.foxnews.com/tech/2017/05/...-crippled.html
    NO AMNESTY

    Don't reward the criminal actions of millions of illegal aliens by giving them citizenship.


    Sign in and post comments here.

    Please support our fight against illegal immigration by joining ALIPAC's email alerts here https://eepurl.com/cktGTn

  2. #2
    Senior Member posylady's Avatar
    Join Date
    Jul 2006
    Posts
    1,553
    Why would the NSA have something called ransom wear? NSA need to be shut down.

  3. #3
    Senior Member JohnDoe2's Avatar
    Join Date
    Aug 2008
    Location
    PARADISE (San Diego)
    Posts
    99,040
    Massive, fast-moving cyberattack hits as many as 74 countries

    As many as 74 countries have been hit by a huge, fast-moving and global ransomware attack that locks computers and demands the digital equivalent of $300 per computer.

    Jane Onyanga-Omara and Elizabeth Weise , USA TODAY , KHOU 6:11 PM. CDT May 12, 2017

    LONDON — As many as 74 countries have been hit by a huge, fast-moving and global ransomware attack that locks computers and demands the digital equivalent of $300 per computer, Kaspersky Lab, a Russian-based cybersecurity company, said Friday.

    The infections have disabled more than a dozen hospitals in the United Kingdom, Spain's largest telecom company and universities in Italy as well as some FedEx computers.

    Ransomware encrypts the files on a computer or network demanding that payment be made in Bitcoin or another untraceable digital currency before the criminals will unlock the files.


    Infected computers showed a screen giving the user three days to pay the ransom. After that, the price would be doubled. After seven days the files would be deleted, it threatened.


    In Spain, the largest telecommunications company reportedly would have had to pay close to $550,000 to unlock all the encrypted computers hit on its network.


    The ransomware code is named WanaCrypt and has been in use by criminals since at least February. It is available in at least 28 languages, including Bulgarian and Vietnamese, according to Avast, a Czech security company that is following the fast-moving attack.


    However, a new variant dubbed WannaCry was created that makes use of a vulnerability in the Windows operating system that was patched by Microsoft on March 14. Computers that have not installed the patch are potentially vulnerable to the malicious code, according to a Kaspersky Lab blog post on Friday.


    First appearance early Friday, dormant for weeks?


    The attack seems to have first appeared around 2 am ET on Friday in Europe, said Kurt Baumgartner, a principal security researcher with Kaspersky Lab in Moscow.


    "It's very well-written code and there is no easy way to crack the encrypted files once they're infected," he said.


    The breadth of the attack seems to indicate that the software had been spreading around the globe possibly for weeks but lay dormant when first introduced into a network, said Sean Dillon, a senior security analyst with RiskSense Inc.


    “Then the kill switch was pulled and everything went live. You can’t just infect that many computers in a single day,” he said.

    The ransomware is believed to be linked to an exploit, which is computer code that takes advantage of a computer vulnerability, known to have been used by the Equation Group, which many in the security world believe is connected to the National Security Agency (NSA).

    That exploit was one of many hacking tools stolen from the NSA and published online by a group that called itself the Shadow Brokers on April 14, according to Avast. That group has been leaking pieces of more than a gigabyte worth of older NSA software weapons since August.


    Avast has recorded over 50,000 attacks globally as of Friday afternoon. They span the globe with hits in multiple other countries. Russia’s Interior Ministry said Friday it had come under cyberattack.


    Perpetrators unknown

    Exactly who is behind the attack is unknown.
    Kasperksy's Baumgartner did note that although the ransomware was able to offer "how to pay" documents in dozens of languages, the only language whose writing was perfect was Russian, with the others showing distinct signs that a non-native speaker had written them. "The English is very good, but there are a couple of quirks that would lead me to believe it wasn't written by a native English speaker," he said.

    Also unknown is whether there are multiple coordinated attacks underway. It's also possible that the code was released once and is now working its way around the globe.


    It's moving so quickly in part because the exploit it's based on may allow it to because of a so-called "spreader" element it contains that allows it to spread quickly.


    While the full code hasn't yet been studied it's possible that each computer network would only need to be infected once via a phishing attack, when a user unwittingly opened an email or clicked a link containing the ransomware malicious code.


    As Dillon noted above, it's very likely the code was introduced into networks but didn't do anything until instructed to by whoever was behind it.


    That code might then be able to exploit vulnerabilities in the computer’s code to spread across any network it was a part of, said Philip Reitinger, president of the non-profit Global Cyber Alliance.


    Sometimes called a “wormable” vulnerability, it is considered very serious because of the speed at which worms can infect and jump from system to system, he said.


    Any network with a web server online that was running an unpatched Windows 10 machine would be vulnerable, and Dillon estimates there may be as many as 2 million such machines out there.


    “Once they’re on those machines, they’re past the firewalls, and from there they can just spread the infection,” he said.

    Services in London, the central city of Nottingham, and the counties of Hertfordshire and Cumbria were affected, according to the BBC. The National Health Service (NHS) said 16 of its organizations reported they were victims.

    The hackers behind the ransomware attack were demanding $300 worth of the online currency Bitcoin to release files from encryption, the Mirror and Telegraph reported.


    No evidence 'patient data has been accessed'

    In a statement, the NHS said: "A number of NHS organizations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organizations. The investigation is at an early stage but we believe the malware variant is Wanna Decryptor."

    "At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organizations to confirm this."


    The NHS said the attack was not specifically targeted at the NHS and was affecting other organizations. It said it was working to resolve the problem.


    View image on Twitter




    Hackers behind the Wanna Decryptor virus, a type of malware, often ask users for money to retrieve access to files they have encrypted.

    NHS Merseyside, which operates a number of hospitals in northwestern England, tweeted, “we are taking all precautionary measures possible to protect our local NHS systems and services.” The NHS Merseyside website was down Friday afternoon local time.


    East and North Hertfordshire NHS Trust, which runs four hospitals north of London, said in a statement: "Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.”


    It said it was postponing all non-urgent work and asked people not to come to the accident and emergency unit.


    Doctors at some surgeries were forced to use pen and paper to record patient details following the attack.


    John Caldwell, a doctor in Liverpool, told the Guardian he had “no access to record systems or results."


    Chris Mimnagh, another doctor in Liverpool, told the Guardian: “Unable to access our clinical system – as a precaution our area has severed links to the wider NHS, which means no access to our national systems, no computers means no records, no prescriptions, no results. We are dealing with urgent problems only. Our patients are being very understanding so far.”


    NHS Million, a campaign which supports NHS staff and is separate from the NHS, tweeted: "We just don't understand the mentality of some people. The only people suffering are people that need emergency care. #nhscyberattack"


    Follow

    NHS Million @NHSMillion

    We just don't understand the mentality of some people. The only people suffering are people that need emergency care. #nhscyberattack https://twitter.com/UKMoments/status/863040711092031488 …
    7:58 AM - 12 May 2017



    http://www.khou.com/tech/massive-fas...es-1/439326229

    NO AMNESTY

    Don't reward the criminal actions of millions of illegal aliens by giving them citizenship.


    Sign in and post comments here.

    Please support our fight against illegal immigration by joining ALIPAC's email alerts here https://eepurl.com/cktGTn

  4. #4
    Senior Member JohnDoe2's Avatar
    Join Date
    Aug 2008
    Location
    PARADISE (San Diego)
    Posts
    99,040
    NO AMNESTY

    Don't reward the criminal actions of millions of illegal aliens by giving them citizenship.


    Sign in and post comments here.

    Please support our fight against illegal immigration by joining ALIPAC's email alerts here https://eepurl.com/cktGTn

  5. #5
    Senior Member artclam's Avatar
    Join Date
    Apr 2006
    Posts
    728
    Quote Originally Posted by posylady View Post
    Why would the NSA have something called ransom wear? NSA need to be shut down.
    It doesn't. Ransomware is a generic name for any malware which asks for money to restore the affected computer. This particular program incorporated code from the NSA to exploit a known bug in SMBv1 processing in order to gain entry to the computer. Here is a more detailed description http://blog.talosintelligence.com/2017/05/wannacry.html. Here are Microsoft's instructions on how to turn off SMBv1 in order to prevent this exploit https://technet.microsoft.com/en-us/.../ms17-010.aspx. Here is a real time map showing newly discovered affected computers https://intel.malwaretech.com/WannaCrypt.html.

Similar Threads

  1. Replies: 0
    Last Post: 11-03-2016, 08:44 PM
  2. Vermont illegal alien driver’s privilege card fraud spreads to foreign countries
    By ALIPAC in forum illegal immigration News Stories & Reports
    Replies: 1
    Last Post: 05-18-2015, 10:31 AM
  3. Cyber Attack Strikes Pro-Tea Party Group
    By JohnDoe2 in forum Other Topics News and Issues
    Replies: 0
    Last Post: 10-21-2010, 07:11 PM
  4. ALIPAC Resumes Operations after Cyber Attack?
    By ALIPAC in forum illegal immigration Announcements
    Replies: 26
    Last Post: 08-23-2009, 02:09 AM
  5. Cyber attack KOs federal sites
    By JohnDoe2 in forum Other Topics News and Issues
    Replies: 8
    Last Post: 07-08-2009, 01:16 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •