Global 'WannaCry' Ransomware Cyberattack Seeks Cash for Data - NBC 10 Philadelphia

Global 'WannaCry' Ransomware Cyberattack Seeks Cash for Data

Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries

    processing...

    NEWSLETTERS

    A cyberattack hit hospitals across the United Kingdom, forcing emergency rooms to temporarily shut down on Friday, May 12, 2017. British Prime Minister Theresa May said there was no evidence patient security had been compromised. (Published Friday, May 12, 2017)

    A global "ransomware" cyberattack, unprecedented in scale, had technicians scrambling to restore Britain's crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

    The worldwide effort to extort cash from computer users spread so widely that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

    A malware tracking map showed "WannaCry" infections popping up around the world. Britain canceled or delayed treatments for thousands of patients, even people with cancer. Train systems were hit in Germany and Russia, and phone companies in Madrid and Moscow. Renault's futuristic assembly line in Slovenia, where rows of robots weld car bodies together, was stopped cold.

    In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.

    Olympians Share Their Most Embarrassing School Memories

    [NATL] Olympians Share Their Most Embarrassing School Memories

    From bad school pictures to awkward first day wardrobes, Team USA members can now look back on some of their most embarrassing school moments and laugh.

    (Published Friday, Aug. 18, 2017)

    Britain's home secretary said one in five of 248 National Health Service groups had been hit. Home Secretary Amber Rudd said all but six of the NHS trusts back to normal Saturday.

    The U.K.'s National Cyber Security Center was "working round the clock" to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.

    Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.

    These hackers "have caused enormous amounts of disruption— probably the biggest ransomware cyberattack in history," said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.

    And all this may be just a taste of what's coming, another cyber security expert warned.

    Computer users worldwide — and everyone else who depends on them — should assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona, told The Associated Press.

    2 Dead, 6 Injured in Knife Attack in Turku, Finland

    [NATL] 2 Dead, 6 Injured in Knife Attack in Turku, Finland

    Finland police said a man stabbed several people in Turku, Finland. Two people are confirmed dead and six others are injured. Police officers shot one suspect in the leg and took him into custody. Warnings were posted throughout the city for people to stay away from the downtown area.

    (Published Friday, Aug. 18, 2017)

    The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be "low-level" stuff, Eisen said Saturday, given the amount of ransom demanded — $300 at first, rising to $600 before it destroys files hours later.

    He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.

    "This is child's play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?" he asked.

    "Today, it happened to 10,000 computers," Eisen said. "There's no barrier to do it tomorrow to 100 million computers."

    This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits."

    In Russia, government agencies insisted that all attacks had been resolved. Russian Interior Ministry, which runs the national police, said the problem had been "localized" with no information compromised. Russia's health ministry said its attacks were "effectively repelled."

    Steve Bannon Out as White House Chief Strategist

    [NATL] Steve Bannon Out as White House Chief Strategist

    Steve Bannon has departed the White House, where he was President Donald Trump’s chief strategist. His tenure lasted seven months. White House chief of staff John Kelly and Bannon mutually agreed that Friday would be Bannon’s last day, according to a statement from the press secretary that said they were “grateful for his service.”

    (Published Friday, Aug. 18, 2017)

    The ransomware exploits a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. Hackers said they stole the tools from the NSA and dumped them on the internet.

    It could have been much worse if not for a young cybersecurity researcher who helped to halt its spread by accidentally activating a so-called "kill switch" in the malicious software.

    The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday that he spotted a hidden web address in the "WannaCrypt" code and made it official by registering its domain name. That inexpensive move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.

    "Because WannaCrypt used a single hardcoded domain, my registration of it caused all infections globally to believe they were inside a sandbox ... thus we initially unintentionally prevented the spread," the researcher said, humbly and anonymously, in his blog post.

    His move may have saved governments and companies millions of dollars and slowed the outbreak before U.S.-based computers were more widely infected.

    Indeed, while FedEx Corp. reported that its Windows computers were "experiencing interference" from malware — it wouldn't say if it had been hit by the ransomware — other impacts in the U.S. were not readily apparent on Saturday.

    Attack Kills 13, Police Kill 5 Suspects in Spain: Officials

    [NATL] 13 Killed in Car Attack in Barcelona; 5 Suspects Killed in Cambrils: Officials

    A white van jumped the sidewalk in Barcelona’s Las Ramblas district on Aug. 17, 2017. Police say 13 people have been killed and more than 100 injured in this terrorist attack. The area is one of the city’s top tourist destinations. Later, police shot and killed five terror suspects in Cambrils, Spain, in a separate incident.

    (Published Friday, Aug. 18, 2017)

    That said, the threat hasn't disappeared, the MalwareTech researcher said.

    "One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it's incredibly important that any unpatched systems are patched as quickly as possible," he warned.

    The kill switch also couldn't help those already infected. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

    Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly as employees share documents.

    The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious hacking group. Microsoft swiftly released software "patches" to fix those holes, but many users still haven't installed updates or still use older versions of Windows.

    Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations, including Britain's National Health Service, that paid extra for extended technical support. In light of Friday's attacks, Microsoft announced that it's making the fixes free to all.

    Manhunt For Suspects in Spain Terrorism Attacks

    [NATL] Manhunt For Suspects in Spain Terrorism Attacks

    Terrorism attacks in Spain left 14 people dead from two car rammings in Barcelona and Cambrils. A house explosion in Alcanar was also believed to be linked to the car attacks.

    (Published Friday, Aug. 18, 2017)

    Cluley said "There's clearly some culpability on the part of the U.S. intelligence services. Because they could have done something ages ago to get this problem fixed, and they didn't do it."

    "It's very, very difficult these days, with encryption, to spy on people," Cluley added. "But I don't think that those concerns should hide the fact that ALL of us need to be protected ... We're living an online life, and we all deserve security there."