Ransomware cyber-attack a wake-up call, not over

By Dee-Dee S.C.E.

Microsoft said the Friday attack should be treated by governments as a ‘wake-up call,’ pointing to the practice of storing data on software vulnerabilities that could be accessed by hackers.

In a statement, Microsoft president and chief legal officer Brad Smith criticized the way governments store up information about security flaws in computer systems. He also said that many organizations had failed to keep their systems up to date, allowing the virus to spread.

Smith added that unless customers update their systems, there was no way for them to protect themselves against threats.

Microsoft said it had released a Windows security update in March but many users had yet to install it.

Microsoft had criticized US intelligence for the “EternalBlue” tool developed by the National Security Agency that allowed ransomware to infect computers.

The tools had been dumped onto the public internet by a hacking group known as the Shadow Brokers.

Even as the cyber-attack was in progress Friday, its spread was brought to a sudden halt as a cybersecurity researcher found and inadvertently activated a ‘kill switch’ in the malware.

The researcher said he saw the influx of news about organizations being hit by the ransomware and had a ‘bit of a look’ into the incident.

The researcher, who remains unidentified, said he saw that the malware was connecting to a specific unregistered domain.

He then bought the domain for $10.69, and it immediately began registering thousands of connections every second.

“The intent was to just monitor the spread and see if we could do anything about it later on,” he said, adding that they actually stopped the spread just by registering the domain.

However, the researcher warned, “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

The worldwide ransomware cyber-attack that happened Friday has continued to affect thousands of computers, infecting about 200,000 machines in nearly 150 countries by Monday, locking national health system files and demanding a $300 payment in bitcoin to restore access.

Britain’s National Health Service was thought to be one of the first victims of the attack, which started in the UK and Spain before spreading around the world.

Known as WannaCry ransomware or Wanna Decryptor, in the first few hours of the attack it affected the US, where delivery company FedEx was hit; the UK, where 61 NHS organizations were disrupted; France, where some Renault factories had to stop production; Russia, where the interior ministry reported 1,000 of its computers affected; and Spain, where telephone and gas companies reported being struck.

The ransomware was spread through various methods, such as phishing emails, and on systems without up-to-date security patches.

The cyber-attack left the UK NHS literally unable to do any x-rays, while likewise leaving patients in limbo with scheduled operations canceled at the last minute. In a statement, FedEx, disclosing limited details, said that like many other companies, they were “experiencing interference with some of our Windows-based systems caused by malware,” and that they were “implementing remediation steps as quickly as possible.”

On Monday, payments had reached $38,000, according to an analysis of three accounts linked to the ransom. Earlier, experts at a company said they had identified at least three bitcoin addresses as being associated with the malware. Payments may increase, as the ransomware said that the cost would double after three days. The ransomware threatens to delete files within seven days if no payment is made.

Europol, which assists EU member states in fighting serious international crime and terrorism, said the attack was unprecedented, and warned that a “complex international investigation” was required to “identify the culprits.” It said its cyber-crime team, EC3, was “working closely with affected countries to mitigate the threat and assist victims.”
