cyber attacks
May 13, 2017Fast-moving cyber attacks wreak havoc worldwide
WASHINGTON:
A fast-moving wave of cyberattacks swept the globe Friday, apparently
exploiting a flaw exposed in documents leaked from the US National
Security Agency.
The attacks -- which experts said affected dozens of countries -- used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx and many other organizations.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities.
"This is not targeted at the NHS, it's an international attack and a number of countries and organizations have been affected," British Prime Minister Theresa May said.
Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it.
The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."
Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries."
Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating "worm," was spreading quickly.
In a statement, Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack -- with the aim of developing a decryption tool as soon as possible."
'Unequivocally scary'
"It's unequivocally scary," said John Dickson of the Denim Group, a US security consultancy.
Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware "payload" made it especially dangerous.
"I'm watching how far this propagates and when governments get involved," he said.
The malware's name is WCry, but analysts were also using variants such as WannaCry.
Forcepoint Security Labs said in a statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.
In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible."
Britain's National Health Service declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations.
Message to users: 'Oops'
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"
It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
The attacks -- which experts said affected dozens of countries -- used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx and many other organizations.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities.
"This is not targeted at the NHS, it's an international attack and a number of countries and organizations have been affected," British Prime Minister Theresa May said.
Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it.
The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."
Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT, "We are now seeing more than 75,000 detections... in 99 countries."
Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating "worm," was spreading quickly.
In a statement, Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack -- with the aim of developing a decryption tool as soon as possible."
'Unequivocally scary'
"It's unequivocally scary," said John Dickson of the Denim Group, a US security consultancy.
Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware "payload" made it especially dangerous.
"I'm watching how far this propagates and when governments get involved," he said.
The malware's name is WCry, but analysts were also using variants such as WannaCry.
Forcepoint Security Labs said in a statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico.
In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible."
Britain's National Health Service declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations.
Message to users: 'Oops'
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"
It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
0 comments