Global 'WannaCry' ransomware cyberattack seeks cash for data

Barsaba Taglieri
Mag 15, 2017

In Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims. "Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt", Microsoft said in a statement on May 12, adding it was working with customers to provide additional assistance.

Her IT team tried to fix the problem but to no avail until yesterday evening.

U.S. software firm Symantec said the majority of organisations affected were in Europe, and the attack was believed to be indiscriminate.

"Our market is dominated by pirated software".

But Rudd said there was no evidence that patient data had been compromised. In light of Friday's attacks, Microsoft announced that it's making the fixes free to all.

He said the affected computers likely had not applied the Microsoft patch or were running old operating systems for which no patch was available.

Health secretary Shona Robison, right, said staff were working to protect and restore their systems, but indicated some may not be operational by Monday.

Organizations around the world were digging out this weekend from what experts are calling one of the biggest cyberattacks ever.

Critically ill patients were being diverted to unaffected hospitals as computer systems failed in accident and emergency (A&E) units and doctors were locked out of test results, X- rays and patient records.

Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex global investigation to identify the culprits".

The Russian Interior Ministry, which runs the country's police, confirmed it was among those that fell victim to the ransomware, which typically flashes a message demanding a payment to release the user's own data.

Researchers believe spying tools developed by the US National Security Agency were used in the attack that hit global shipper FedEx, disrupted Britain's health system and forced a European carmaker to halt some production lines. "The National Security Agency (NSA) is supposed to lead the vulnerability equities process with all the other government agencies gathered round to discuss their interests in the vulnerability, and to weigh the offensive capabilities against defensive concerns for the private sector and US interests", The Guardian quoted Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations, as saying.

Experts said that even as the spread of the attacks apparently has been stymied, its full ramifications are not yet known because the virus may be lurking still on computers around the world.

Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services.

"Its important to understand that cyber attacks can be different from other forms of crime in that their sometimes highly technical and anonymous nature means it can take some time to understand how it worked, who was behind it and what the impact is", he told the BBC.

The kill switch also couldn't help those already infected.

But @MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again".

The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a runoff vote in which he was elected president of France.

Sixteen National Health Service organizations in the United Kingdom were hit, and some of those hospitals canceled outpatient appointments and told people to avoid emergency departments if possible. The software demands payments of $300 to $600 to regain access.

"We are experiencing a major IT disruption and there are delays at all of our hospitals", said the Barts Health group, which manages major London hospitals.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

In order to prevent the infection, CERT-In has advised users and organisations to apply the relevant patches to Windows systems as mentioned in the Microsoft Security Bulletin MS17-010.

Altre relazioni OverNewsmagazine

Discuti questo articolo