Please disable your Ad Blocker to better interact with this website.

“Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools!

0

It looks like the so called “Shadow Brokers” may be behind the recent cyber attack that has affected over 50,000 victims including major businesses in over 74 countries worldwide in the last 24 hours. The number of victims is still growing. This could turn out to be the largest ever cyber attack to date, but you don’t say we weren’t warned.

Microsoft has issued a statement saying the new malicious software is known as Ransom:Win32.WannaCrypt. This is what happens when we can’t keep our virtual weapons locked up.

H/T Zero Hedge:

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to “.WNCRY.” It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim’s wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a “vulnerability that was discovered and developed by the National Security Agency (NSA).” The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden – who has been warning about just such an eventuality – chimed in on Twitter, saying Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients.”

In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

In a first update, it was reported that a hacking tool known as “eternal blue”, developed by US spies has been weaponized by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organizations, many of which span the globe.

 It was reported that hospitals across the UK had been hit by what appeared to be a major, nationwide cyber-attack. This resulted in the loss of phonelines and computers, with many hospitals that went “dark” and some diverted all but emergency patients elsewhere. At some hospitals patients were told not to go to A&E with all non-urgent operations cancelled, the BBC reported.
UK Prime Minister Theresa May confirmed on Friday the massive cyber hit on NHS was part of wider international attack and that there was no evidence patient data had been compromised.
Reports of infections were confirmed in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan and others.

Telecoms giant Telefonica said in a statement that it was aware of a “cybersecurity incident” but that clients and services had not been affected.

Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.

There were reports that staff at the firms were told to turn off their computers.

In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

The UK National Health Service said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.” It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire had been affected and were reporting IT failures, in some cases meaning there was no way of operating phones or computers.

 “This is a major cyber attack, impacting organizations across Europe at a scale I’ve never seen before,” said security architect Kevin Beaumont.
In one later update it was reported:
Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Seventy-four countries around the globe have been affected, with the number of victims still growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected worldwide, the company said, adding that it “quickly escalated into a massive spreading.”

Microsoft  has issued a statement, confirming the status the vulnerability:

 Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

 

In March, we provided a security update which provides additional protections against this potential attack.

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain version of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.

Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Just recently, President Trump signed an executive order to bolster the federal government’s cyber security and protect the country’s cyber infrastructure.  The order prioritized the protection of federal networks, established guidelines for building a better integrated system and directed agencies to help centralize risks.

Up until now, most of us probably thought cyber attacks were going to happen, but it would be in our future. The future is now. This is only the beginning of these cyber attacks, so brace yourself.

As Tom Bossert, President Trump’s Homeland Security Adviser said, “Sitting by and doing nothing is no longer an option.

 

Join the conversation!

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

About Author

Nancy Hayes

Nancy Hayes is a Digital Media Specialist and Conservative, Grassroots Activist. Over the past 4 years - she has worked on 21 campaigns nationwide. She has been involved in several key elections, including Ted Cruz for President and Herman Cain for President . She has served in such positions as Social Media Specialist, Phone Bank Director, State Director of Volunteers, and Grassroots Activist. Stay involved! Stay inspired! Stay educated! #TeamJoe #PJNET #CruzCrew #GOHTeam

Send this to a friend