Tech Report: Global cyberattack cripples computers demanding ransom

 

(KRON) — A cyberattack that is forcing computer owners to pay hundreds of dollars in ransom to unlock their files has hit almost every corner of the world.

Secure on Friday says it’s gotten reports from more than 60 countries. Mikko Hypponen, its chief research officer, calls it “the biggest ransomware outbreak in history.”

Security experts from Kaspersky Lab and Avast Software say Russia was the hardest hit, followed by Ukraine and Taiwan.

Researchers believe a criminal organization is behind this, given its sophistication.

Kurt Baumgartner, principal security researcher at Kaspersky, says the malware has translations in dozens of languages, such that instructions for paying the ransom are displayed in the language set for that computer.

He and others say the malware takes advantage of an exploit purportedly identified by the National Security Agency.

Security experts say the cyberattack that holds computer data for ransom grew out of vulnerabilities purportedly identified by the National Security Agency.

Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code. But many companies and individuals haven’t installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

Hospitals in the U.K. and telecommunications companies in Spain are among those hit by a “ransomware” attack that locked up computer data and demanded payment to free it. The attacks use a malware called Wanna Decryptor, also known as WannaCry.

Chris Wysopal of the software security firm Veracode says criminal organizations are likely behind this, given how quickly the malware has spread. He says “for so many organizations in the same day to be hit, this is unprecedented.”

FedEx Corp. is confirming that it is suffering a malware attack.

A statement from the delivery company Friday said its Windows-based systems were “experiencing interference” due to malware and that it was trying to fix the issue as quickly as possible.

It gave no further details.

Russia’s Interior Ministry says it has come under cyberattack.

Agency spokeswoman Irina Volk says in a statement carried by Russian news agencies that Friday’s cyberattacks hit about 1,000 computers. She said the ministry’s servers haven’t been affected.

Volk added that ministry experts are now working to recover the system and do necessary security updates.

Russian media also said that the Investigative Committee, the nation’s top criminal investigation agency, also has been targeted. The committee denied the reports.

Megafon, a top Russian mobile operator, also said it has come under cyberattacks that appeared similar to those that crippled U.K. hospitals on Friday.

Romania’s intelligence service says it has intercepted an attempted cyberattack on a government institution which it said likely came from cybercriminal group APT28 also known as Fancy Bear.

Cyberint, subordinated to the Romanian Intelligence Service, said Friday it thwarted a cyberattack to a government institution, without saying when it occurred, following notification from NATO and the Romanian foreign intelligence agency.

The foreign ministry did not confirm whether it was the institution in question.

The statement said “due to the efficient cooperation between the institutions, the attack was prevented as were damages, as the targets were identified as well as the methodology of the attack.”

The statement said there were thousands of cyberattacks daily “and Romania is no exception.”

Spain has activated a special protocol to protect critical infrastructure in response to the “massive infection” of personal and corporate computers targeted in ransomware cyberattacks.

The National Center for the Protection of Critical Infrastructure says Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack even if basic services had not suffered any disruption.

The Ministry of Energy, Tourism and Digital Agenda says the attack Friday affected the Windows operating system of employees’ computers in several companies. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Spain’s Telefonica was among the companies hit.

Britain’s National Health Service says hospitals across the country have been hit by a “ransomware” cyberattack but there is no evidence that patient data has been accessed.

NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.

NHS Digital says the attack “was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.”

The attack is causing canceled procedures and appointments at hospitals across England. NHS Digital says 16 NHS organizations report being hit.

France’s government cybersecurity agency is urging French Internet users to take measures to protect themselves from a new ransomware detected in several other countries.

An official with the ANSSI cybersecurity agency told The Associated Press that it has not detected any French targets of the new ransomware so far. The official was not authorized to be publicly named.

ANSSI issued a warning message Friday night suggesting upgrades to security systems and measures to protect servers. It says any device using Windows is vulnerable to the ransomware.

ANSSI has been investigating a hacking attack and document leaks targeting French President-elect Emmanuel Macron’s election campaign.

WEB LINKS:

http://redlock.io.

WHAT OTHERS ARE CLICKING ON:

>> MORE TOP STORIES

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s