Nations grapple with huge cyberattack

A young cybersecurity researcher has been credited with helping to halt the ransomware’s spread by accidentally activating a so-called “kill switch” in the malicious software.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on the internet.
The kill switch couldn’t help those already infected, however. Short of paying, options for these individuals and companies are to recover data files from a backup, if available, or to live without them.
A spokesman for the Russian Health Ministry, Nikita Odintsov, tweeted that the cyberattacks on his ministry were “effectively repelled.”

“This is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?” he asked.
Before Friday’s attack, Microsoft had made fixes for older systems, such as 2001’s Windows XP, available only to mostly larger organizations that paid extra for extended technical support. Microsoft says now it will make the fixes free for everyone.

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India. Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits.”

The worldwide cyberextortion attack is so unprecedented, in fact, that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.
Germany’s national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.
The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be “low-level” stuff, given the amounts of ransom demanded, Eisen said Saturday.

The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software’s spread could be stopped by registering a garbled domain name.

It said his $11 purchase of the name on Friday may have saved governments and companies around the world millions, slowing its spread before U.S.-based computers were hit on a massive scale.
Russian agencies slowly acknowledged that they were affected but insisted that all attacks had been resolved.

Computer users worldwide — and everyone else who depends on them — should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona, told The Associated Press.
French carmaker Renault’s assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.

The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious ailments like cancer. After an emergency government meeting Saturday in London, Britain’s home secretary said one in five of 248 National Health Service groups had been hit.
Elsewhere in Europe, the attack hit companies including Spain’s Telefonica, a global broadband and telecommunications company.

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. (AP Photo/Mark Schiefelbein)

“Today, it happened to 10,000 computers,” Eisen said. “There’s no barrier to do it tomorrow to 100 million computers.”
LONDON — A global cyberattack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

Russia’s central bank said Saturday that no incidents were “compromising the data resources” of Russian banks. Russia’s national railway system said it was attacked but rail operations were unaffected. Russian cellular phone operators Megafon and MTS were among those hit.

He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
“When we say that the health ministry was attacked, you should understand that it wasn’t the main server, it was local computers … actually nothing serious or deadly happened yet,” German Klimenko, a presidential adviser, said on Russian state television.

Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest. Who perpetrated this wave of attacks remains unknown.

Other European organizations hit by the massive cyberattack included some soccer clubs. IF Odd, a 132-year-old Norwegian soccer club, said its online ticketing facility was down.
The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious group that published what it said are hacking tools used by the NSA. Microsoft swiftly announced that it had already issued software “patches” to fix those holes, but many users haven’t yet installed updates or still use older versions of Windows.

And all this may be just a taste of what’s coming, a cyber security expert warned.

The Russian Interior Ministry, which runs the country’s police, confirmed it fell victim. Ministry spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been “localized” with no information compromised.
———

Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly as employees share documents.
In the U.S., FedEx Corp. reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent on Saturday.

Home Secretary Amber Rudd said 48 NHS trusts were affected and all but six were now back to normal. The U.K.’s National Cyber Security Center said it is “working round the clock” to restore vital health services.

Heintz reported from Moscow and Breed from Raleigh, N.C.

Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001.
Security officials in Britain urged organizations to protect themselves by updating their security software fixes, running anti-virus software and backing up data elsewhere.