Dozens of countries hit by huge cyberextortion attack


The cyberextortion attack hitting dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks. What all these attacks indicate is that users of connected devices will continue to be targets as long as there is money to be made. Technical experts have warned that slightly varied versions of this ransomware attack could be seen in the near future. To stop the spread of the contagion, some organizations, including the US Pentagon, the CIA and the British Parliament, shut down their mail systems.

He said it was too early to say who is behind the onslaught and what their motivation was.

The ransomware was created to repeatedly contact an unregistered domain listed in its code.

"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections", @MalwareTechBlog told CNNTech. "Our immediate priority as a government is to disrupt the attack, restore affected services as soon as possible, and establish who was behind it". The temporary fix initially helped slow down the rate of infected computers.
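A program that repeatedly looks up a domain that does not exist, as described above, leaves a trace in DNS resolver logs. The following Python is an added example, not code from the article or from any researcher quoted in it; the log format, the placeholder domain name and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not real telemetry). Assumed line format:
#   <timestamp> client=<ip> query=<name> rcode=<RCODE>
SAMPLE_LOG = """\
2017-05-12T09:00:01Z client=10.0.0.11 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:00:05Z client=10.0.0.12 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:00:09Z client=10.0.0.20 query=typo.example rcode=NXDOMAIN
2017-05-12T09:00:12Z client=10.0.0.11 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:00:15Z client=10.0.0.21 query=intranet.example rcode=NOERROR
2017-05-12T09:00:18Z client=10.0.0.13 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-12T09:00:21Z client=10.0.0.12 query=Killswitch-Placeholder.example. rcode=NXDOMAIN
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) rcode=(\S+)$")


def find_unregistered_beacons(log_text, min_hosts=2, min_queries=4):
    """Return {domain: sorted clients} for names that never resolve but are
    looked up repeatedly by several distinct internal hosts."""
    clients = defaultdict(set)   # domain -> hosts that received NXDOMAIN
    nx_count = defaultdict(int)  # domain -> number of NXDOMAIN answers
    resolved = set()             # domains that resolved at least once
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _ts, client, domain, rcode = m.groups()
        domain = domain.lower().rstrip(".")  # normalise case and trailing dot
        if rcode == "NXDOMAIN":
            nx_count[domain] += 1
            clients[domain].add(client)
        elif rcode == "NOERROR":
            resolved.add(domain)
    return {
        d: sorted(clients[d])
        for d in nx_count
        if d not in resolved
        and nx_count[d] >= min_queries
        and len(clients[d]) >= min_hosts
    }


if __name__ == "__main__":
    for name, hosts in find_unregistered_beacons(SAMPLE_LOG).items():
        print(f"{name}: queried without resolving by {', '.join(hosts)}")
```

A single mistyped name from one host stays below the thresholds, while the same non-resolving name requested by several machines is reported with the hosts to investigate.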

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

Clapper and Europol say the scope of the problem may become bigger Monday when people switch on their computers.

The WannaCry virus hit computers in 16 United Kingdom hospitals, Telefonica Telecom in Spain, Gas Natural and Iberdrola, with more than 50,000 cases reported in 74 countries.

It says universities and educational institutions were among the hardest hit, numbering 4,341, or about 15 percent of internet protocol addresses attacked.

It holds the computers hostage and, to release them without deleting the data, demands a ransom in Bitcoin.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the US National Security Agency (NSA) for its own intelligence-gathering purposes and was later leaked to the internet. The attack has started a debate on keeping computer systems updated with the latest security patches provided by software majors.

A cyberattack that is forcing computer owners to pay hundreds of dollars in ransom to unlock their files has hit nearly every corner of the world. Lidov said that the attack involved demands for payment of $300 to free up the system. Fortune reported Thursday that the price of bitcoin was at an all-time high.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, said ransomware attacks like WannaCry are "not going to be the norm". But the NHS said Saturday it does not have any evidence that patient data was breached. Doctors told him two weeks ago they needed to schedule a prostate biopsy to determine if he has cancer.

Spanish authorities confirmed the ransomware is spreading through the vulnerability, called "EternalBlue", and advised people to patch. "If I know I have cancer, I could deal with it".

The attacks use a malware called Wanna Decryptor, also known as WannaCry. According to reports from multiple outlets, some of those cybersecurity professionals work for the U.S. Cyber Response Group that has been huddled with Homeland Security Adviser Tom Bossert all weekend.

Consumers who have up-to-date software are protected from this ransomware. The update installs automatically, but you can also trigger it manually or download the patch.

Security experts are advising victims to wait before paying the ransom. It said the company was working with its customers to provide additional assistance.

No one has yet identified the culprit.

But those attacks - blamed on the Russian Federation, which has repeatedly denied them - followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.