Published: Sun, May 14, 2017
Medicine | By Earnest Bishop

Researcher finds 'kill switch' for cyberattack ransomware


Hospitals in England were victimized by WannaCry ransomware Friday and had to turn patients scheduled for surgery away and cancel appointments.

How did the attack occur?

"Our analysis indicates the attack, dubbed "WannaCry", is initiated through an SMBv2 remote code execution in Microsoft Windows".

A global "ransomware" attack, unprecedented in scale, had technicians scrambling to restore Britain's crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

Security researchers said they observed some victims paying via the digital currency, though they did not know what percent had given in to the extortionists.

Mikko Hypponen, its chief research officer, calls it "the biggest ransomware outbreak in history". The so-called ransomware attack appears to exploit a weakness that was purportedly identified by the U.S. National Security Agency and leaked to the internet.

All told, several cybersecurity firms said they had identified the malicious software responsible for tens of thousands of attacks in more than 60 countries, including the United States, though its effects in the US did not appear to be widespread, at least in the initial hours.

Managers at many companies and other organizations have not taken steps to put proper cybersecurity systems in place despite talking about their importance, Gazeley said.

Reports of attacks also came from Latin America and Africa."Kaspersky Lab, a Russian cybersecurity firm, said". It says any device using Windows is vulnerable to the ransomware.

The US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world".

Microsoft also said it would roll out the update to users of older operating systems "that no longer receive mainstream support", such as Windows XP, Windows 8 and Windows Server 2003.

If you've not installed the March, April or May Windows Update bundles, do so immediately.

Arsenal boss Wenger hails EPL win
For them, in one situation, they scored. "It was interesting for many moments, but it's important to score". Sanchez subsequently came off, apparently with an injury that Arsenal will certainly hope is only minor.

In order to prevent the infection, CERT-In has advised users and organisations to apply the relevant patches to Windows systems as mentioned in the Microsoft Security Bulletin MS17-010.

Chris Mimnagh, another doctor in Liverpool, told the Guardian: "Unable to access our clinical system - as a precaution our area has severed links to the wider NHS, which means no access to our national systems, no computers means no records, no prescriptions, no results".

Finance chiefs from the G7 countries will commit on Saturday to join forces to fight the growing threat of worldwide cyber attacks, according to a draft statement of a meeting they are holding in Italy.

In the United Kingdom, hospitals in London, northwest England and other parts of the country reported problems and asked patients not to come to the hospitals unless it was an emergency. It is available in at least 28 languages, including Bulgarian and Vietnamese, according to Avast, a Czech security company that is following the fast-moving attack.

"Russia, Ukraine and Taiwan leading", Avast researcher Jakub Kroustek tweeted on Friday. The interior ministry said about 1,000 computers had been infected but it had localized the virus.

Prime Minister Theresa May said it wasn't just Britain.

He said the Federal Government was closely monitoring the situation.

He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.

Speaking Saturday after an emergency government meeting in London, Home Secretary Amber Rudd said 48 out of 248 NHS organizations were affected by the largest-ever cyber-extortion attack, though "most of them are back to the normal course of business".

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature.

A statement from the delivery company Friday said its Windows-based systems were "experiencing interference" due to malware and that it was trying to fix the issue as quickly as possible. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Europol's European Cybercrime Centre, EC3, said in a statement today that the attack was "at an unprecedented level and will require a complex global investigation to identify the culprits".

Like this: