Published: Sun, May 14, 2017
Worldwide | By Gretchen Simon

World licks cyber wounds from ransomware attack


The ransomware was created to repeatedly contact an unregistered domain listed in its code.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email", said Lance Cottrell, chief scientist at the United States technology group Ntrepid.

"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections", @MalwareTechBlog told CNNTech.

Governments and private security firms on Saturday that they expect hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate.

The kill switch couldn't help those already infected, however.

"A lot of people are going to go to work on Monday and click on a link in their mail - completely oblivious that all of this is going on or have heard about it and think that it's over - and suddenly wipe out their whole company", Gazeley said from Hong Kong.

Finance chiefs from the Group of Seven rich countries were to commit on Saturday to joining forces to fight the growing threat of global cyber attacks, according to a draft statement of a meeting they are holding in Italy."Appropriate economy-wide policy responses are needed", the ministers said in their draft statement, seen by Reuters. Two security firms - Kaspersky Lab and Avast - said they identified the malicious software in more than 70 countries.

European Union's law enforcement agency Europol described the attack as unprecedented in terms of its scale.

The ransomware, called WannaCrypt or WannaCry, locks down all the files on an infected computer and asks the computer's administrator to pay to regain control of them.

The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).

The malware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March.

Comac C919 takes off for maiden flight in China
Already the second-largest commercial aviation market for passengers in the world, China is expected to surpass the U.S. by 2024. Soaring in the fiercely competitive commercial-aviation market is a far tougher proposition, aviation analysts say.

The worldwide effort to extort cash from computer users is so unprecedented that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses. Pictures posted on social media showed screens of NHS computers with images demanding payment of Dollars 300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

The Home Secretary admitted that outdated software left some NHS systems vulnerable, adding that it is important to remember that it was not the health service alone that has been affected. The NHS said in a statement on Saturday that there was no evidence that patient information had been compromised.

It was reported yesterday (Friday, May 12) that hospitals - including Watford General, Hemel Hempstead and St Albans - had been facing issues with their phone and computer systems.

Grant Gowers, 50, from Clacton-on-Sea in southern England, told CNN how the ransomware attack had directly affected him.

But around 5 p.m. Friday he got a call to say his biopsy had been canceled as a result of the ransomware attack. But that's not good enough for Gowers.

The First Minister and Ms Robison have been updated on the situation and Justice Secretary Michael Matheson has participated in the UK Government COBR meeting chaired by the Home Secretary this afternoon.

He said that Russian Federation and India were hit particularly hard, in large part because the older Windows XP operating software is still widely used in the countries. Users should download the patch before clicking on any link in email.

Microsoft said it pushed out automatic Windows updates to defend existing clients from WannaCry.

If your computer has been affected, there's no guarantee that paying the ransom will restore it, Gazeley said.

Sberbank, Russia's largest bank, is quoted to have said that its systems "detected in time the attempts to penetrate bank infrastructure".

"Measures are being put in place to stop the spread of the virus; it's the first step".

Like this: