GLOBAL RANSOMWARE ATTACK
The majority of the attacks targeted Russia, Ukraine and Taiwan. But the National Health Service in the United Kingdom and global firms such as FedEx also reported they had come under assault Friday. Experts suggested Saturday that the ransomware's progress had been halted, but new attacks could soon follow.
Cybersecurity experts have been working round the clock to try to halt a malware attack that is unprecedented in scale.
The ransomware's progress has been halted by the accidental discovery late Friday of a "kill switch" hidden within the code by a security researcher, said cybersecurity consultant David Kennedy, formerly of the US National Security Agency.
"The software has actually stopped spreading across the world," he told CNN.
"He actually probably saved lives by accident," Kennedy said, referring to the security researcher who discovered the kill switch.
The ransomware was designed to repeatedly contact an unregistered domain listed in its code. The security researcher -- who uses the Twitter handle @MalwareTechBlog -- registered that domain to collect the ransomware traffic for analysis and to track infections.
"Later we found out that the domain was supposed to be unregistered and the malware was counting on this, thus by registering it we inadvertently stopped any subsequent infections," @MalwareTechBlog told CNNTech. The security researcher has posted an online account of finding the kill switch.
However, a hacker could change the code to create a new variant and try the ransomware attack again.
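An added example, not part of the original article: because infected machines repeatedly look up the domain listed in the code, a defender can find affected hosts by searching DNS resolver logs for that name, much as registering the domain let the researcher track infections. The domain is a placeholder (the article does not give it), and the dnsmasq-style log lines and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Placeholder: the article does not give the kill-switch domain, so substitute
# the published indicator(s) for the variant you are hunting.
KILL_SWITCH_DOMAINS = {"killswitch-placeholder.example"}

# Constructed sample in dnsmasq query-log style (not real traffic).
SAMPLE_LOG = """\
May 13 09:14:02 dnsmasq[812]: query[A] killswitch-placeholder.example from 10.0.4.17
May 13 09:14:03 dnsmasq[812]: query[A] www.example.org from 10.0.4.22
May 13 09:14:41 dnsmasq[812]: query[A] KILLSWITCH-PLACEHOLDER.example. from 10.0.4.17
May 13 09:15:10 dnsmasq[812]: query[AAAA] killswitch-placeholder.example from 10.0.9.3
May 13 09:15:12 dnsmasq[812]: query[A] notkillswitch-placeholder.example from 10.0.4.22
May 13 09:16:55 dnsmasq[812]: query[A] killswitch-placeholder.example from 10.0.4.17
May 13 09:17:00 dnsmasq[812]: reply www.example.org is 192.0.2.10
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+: query\[(?P<qtype>\w+)\] "
    r"(?P<name>\S+) from (?P<client>\S+)$"
)

def find_kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS, year=2017):
    """Return {client_ip: {"count", "first", "last"}} for exact-name lookups."""
    wanted = {d.lower().rstrip(".") for d in domains}
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # replies, forwards, malformed lines
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = m["name"].lower().rstrip(".")
        if name not in wanted:
            continue  # exact match only: lookalike names are not the indicator
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = hits[m["client"]]
        rec["count"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {rec['count']} lookups, {rec['first']} to {rec['last']}")
```

A variant with a changed domain will not match, so the domain set has to be kept current with published indicators.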
Michael Gazeley, managing director of cybersecurity firm Network Box, told CNN that the danger is far from over and that a company's security patch on Saturday might not still work by Monday.
"A lot of people are going to go to work on Monday and click on a link in their mail -- completely oblivious that all of this is going on or have heard about it and think that it's over -- and suddenly wipe out their whole company," Gazeley said from Hong Kong.
"IT managers need to be extremely aware that new variants of this ransomware attack are being launched almost hourly, so they can't just check that their computer systems are protected, then relax, assuming everything will stay that way," he said.
Cybersecurity firm Avast said it tracked more than 75,000 ransomware attacks in 99 countries Friday. That number is likely to go up, Gazeley said.
European police agency Europol said it was working to support countries, saying the malware attack was at an "unprecedented level and requires international investigation."
What is it?
The ransomware, called WannaCrypt or WannaCry, locks down all the files on an infected computer and asks the computer's administrator to pay to regain control of them. The exploit was leaked last month as part of a trove of US National Security Agency spy tools.
The malware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that didn't update their systems remained at risk.
Those affected see a message on their computer screens demanding payment in the digital currency bitcoin to restore access. The initial demand was for $300 in bitcoins, but it now has gone up to $600 worth of the currency, Gazeley said. Fortune reported Thursday that the price of bitcoin was at an all-time high.
It's having a real-life impact
The cyberattack affected 16 organizations that are part of the National Health Service on Friday, causing some surgical procedures to be canceled and ambulances diverted. But the NHS said Saturday it does not have any evidence that patient data was breached.
Here's what you should do
In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems, including Windows XP, Windows 8 and Windows Server 2003. Users should download the patch before clicking on any link in email. Consumers who have up-to-date software are protected from this ransomware.
Five things to do:
1. Back up now and make regular backups as frequently as you can. Keep offline backups.
2. Run Windows Update and ensure your computer stays up to date.
3. Keep your antivirus up to date, and run a scan.
4. Install Malwarebytes Anti-Malware and run scans regularly.
5. Always be vigilant. Don't open email attachments unless you are 100% sure they are valid. Don't click pop-ups on websites.
If your computer has been affected, there's no guarantee that paying the ransom will restore it, Gazeley said. In past ransomware attacks, some victims have paid, only to find the key they are given doesn't work, while others have found their files are corrupted and can't be properly restored, he said.
Managers at many companies and other organizations have not taken steps to put proper cybersecurity systems in place despite talking about their importance, Gazeley said. "Most organizations just keep their heads in the sand," he said.
Who's behind the cyberattack?
No one has yet identified the culprit.
"We see all the finger-pointing at the usual suspects, saying it's probably people in Russia or China, but, to quote Sherlock Holmes, it's not really a good idea to guess without the evidence," Gazeley said. Bitcoin is set up to be untraceable, so investigators will struggle to follow a money trail, he said.
Nonetheless, authorities around the world will be seeking to track down those responsible.
"I think these hackers have to recognize that these authorities will come after them with a vengeance," Gazeley said.
It also may never be known how much the hackers have netted from the ransomware attack. Many firms are unlikely to want to reveal they fell victim to it and whether they paid up.
CNN's Selena Larson, Mariano Castillo and Jessica King contributed to this report.