Published: Sun, May 14, 2017
Sci-tech | By Carrie Guzman

Countries race to halt ransomware

Germany's national railway says that it was among the organizations affected by the global cyberattack but there was no impact on train services.

The ransomware took control of computers around the world and required owners to pay hundreds of dollars to get their files back.

(AP Photo/Paul White). A security guard stands outside the Telefonica headquarters in Madrid, Spain, Friday, May 12, 2017. The cyberextortion attack hitting dozens of countries was a "perfect storm" of sorts.

By SYLVIA HUI, ALLEN G.

The massive ransomware attack that crippled more than 20% of hospitals in the United Kingdom and disabled systems in as many as 74 countries appears to have been inadvertently stopped by a 22-year-old computer security researcher in England who began studying it Friday afternoon.

In the midst of all the chaos, a young British researcher happened to stumble upon and activate a "kill switch" stopping the spread of the global cyberattack. "The fact is the NHS has fallen victim to this", Rudd said.

Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off.

Prior to the dump, Microsoft released a fix, or patch, for the issue, although computers that did not install the update, or could not due to the age of their software, would have been vulnerable to attack. "Or we could potentially see copycats mimic the delivery or exploit method they used". Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.

UK interior minister says health system has recovered from cyberattack
Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled. NHS bosses are now scrambling to restore systems by tomorrow morning, but insisted no patient data had been compromised.

This is already believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as the U.S., Russia, Ukraine, Brazil, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex worldwide investigation to identify the culprits".

The ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it. The Spanish government said several companies including Telefonica had been targeted in a ransomware cyberattack that affected the Windows operating system of employees' computers. Security officials in Britain urged organizations to protect themselves from ransomware by installing security software fixes, running anti-virus software and backing up data elsewhere. Security experts remained cautious, however, and stressed there was a continuing threat. In December it was reported that almost all NHS trusts were using an obsolete version of Windows that Microsoft had stopped providing security updates for in April 2014. Those expectations prompted businesses to call in technicians to work over the weekend to make sure networks were protected with security updates needed to thwart EternalBlue.

The UK-based cyber specialist, known only as MalwareTech, registered a domain name that unexpectedly stopped the spread of the virus. That low-cost move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.

The anonymous "hero" found that by registering a simple website name for less than a tenner, he caused the malware to "exit" every time it infected a new machine. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack. Other services soon went down, and then, the unidentified NHS worker says, a "bitcoin virus pop-up message" started taking over computer screens. The U.S. Department of Homeland Security said it was sharing information with domestic and foreign partners and was ready to lend technical support.

An IT worker at the public health care system tells The Guardian newspaper that it's the biggest problem they've seen in their six years working for the service.

The tools used to carry out the hack - dubbed a superweapon - are thought to be surveillance tools developed by the US's National Security Agency (NSA) to spy on terrorists and enemy states. "It's a handy thing to have, but it's a risky thing to have. And that's what's happening right now".
