Published: Sun, May 14, 2017
Sci-tech | By Carrie Guzman

Global ransomware attack: 5 things to know


Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan. Britain canceled or delayed treatments for thousands of patients, even people with cancer. An unidentified young cybersecurity researcher claimed to help halt WannaCry's spread by activating a so-called "kill switch".

The ransomware was created to repeatedly contact an unregistered domain listed in its code.

The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France. The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues. Authorities in Britain have been braced for cyber attacks in the run-up to the election, as happened during last year's US election and on the eve of the French run-off vote on May 7. Since no one had registered or owned the domain before, MalwareTech chose to register that domain on a hunch. And those fixes will do nothing for newer systems if they aren't installed.

The consequences for the company remained unclear. "The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits", it said in a statement. Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm's spread.

The UK government has called a meeting of its crisis response committee, known as Cobra, on Saturday to discuss the situation.

Only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by focusing on targets in Europe, said Thakur.

Authorities in both countries said the attack was conducted using "ransomware" - malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access.

The worldwide cyberextortion attack has prompted Microsoft to take the unusual step of making security fixes available for older Windows systems. This tool travels from computer to computer on a network hidden in Word documents and PDFs.

"The reason this is hitting so many computers at once is that they discovered a vulnerability in the most popular operating system in the world, in Microsoft Windows", said John Carlin, former assistant attorney general for national security and an ABC News contributor.


But the patches won't do any good for machines that have already been hit.

"In this case, when we registered it, it turned out to be a kill switch", Salim Neino, CEO of Kryptos Logic, which employs MalwareTech as a cybersecurity researcher, told ABC News. "Most folks that have paid up appear to have paid the initial $300 in the first few hours".

Computer users worldwide — and everyone else who depends on them — should assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, said Ori Eisen, founder of the Trusona cybersecurity firm in Scottsdale, Arizona.

WannaCry has already caused massive disruption around the globe.

In the United Kingdom, 45 organizations in the National Health Service were affected, home secretary Amber Rudd said Saturday, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software. The security researcher - who uses the Twitter handle @MalwareTechBlog - registered that domain to collect the ransomware traffic for analysis and to track infections.

Global shipper FedEx Corp said some of its Windows computers were also breached. Two big telecom companies, Telefónica of Spain and Megafon of the Russian Federation, were also hit.

As a result, over 100,000 new infections were prevented, according to the U.K.'s National Cyber Security Centre. "Things could likely emerge on Monday" as staff return to work. China's information security watchdog said "a portion" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Several cybersecurity firms said they had identified the malicious software behind the attack, which has apparently hit the Russian Federation the hardest.

Lawrence Abrams of BleepingComputer.com in NY says many organizations don't install security upgrades because they're anxious about triggering bugs, or they can't afford the downtime.

Consumers who have up-to-date software are protected from this ransomware. Here's how to turn automatic updates on. But in April this year, one of their internal tools called Eternalblue was stolen and leaked online.
