It looks like the so called “Shadow Brokers” may be behind the recent cyber attack that has affected over 50,000 victims including major businesses in over 74 countries worldwide in the last 24 hours. The number of victims is still growing. This could turn out to be the largest ever cyber attack to date, but you don’t say we weren’t warned.
Microsoft has issued a statement saying the new malicious software is known as Ransom:Win32.WannaCrypt. This is what happens when we can’t keep our virtual weapons locked up.
H/T Zero Hedge:
According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to “.WNCRY.” It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.
While the victim’s wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a “vulnerability that was discovered and developed by the National Security Agency (NSA).” The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.
Predictably, Edward Snowden – who has been warning about just such an eventuality – chimed in on Twitter, saying “Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients.”
In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.
In a first update, it was reported that a hacking tool known as “eternal blue”, developed by US spies has been weaponized by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organizations, many of which span the globe.
Telecoms giant Telefonica said in a statement that it was aware of a “cybersecurity incident” but that clients and services had not been affected.
Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.
There were reports that staff at the firms were told to turn off their computers.
In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.
The UK National Health Service said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.” It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire had been affected and were reporting IT failures, in some cases meaning there was no way of operating phones or computers.
Microsoft has issued a statement, confirming the status the vulnerability:
Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.
In March, we provided a security update which provides additional protections against this potential attack.
Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.
Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain version of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.
Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.
As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”
Just recently, President Trump signed an executive order to bolster the federal government’s cyber security and protect the country’s cyber infrastructure. The order prioritized the protection of federal networks, established guidelines for building a better integrated system and directed agencies to help centralize risks.
Up until now, most of us probably thought cyber attacks were going to happen, but it would be in our future. The future is now. This is only the beginning of these cyber attacks, so brace yourself.
As Tom Bossert, President Trump’s Homeland Security Adviser said, “Sitting by and doing nothing is no longer an option.“