From Politico via Edward Snowden via Vinay Gupta:
Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.
The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - have forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.
The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.
One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million of ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.
Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.
Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.
Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.
It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.
The Guardian and the BBC report respectively about a large-scale ransomware attack on its Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.
About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.
From one of the Guardian reports:
According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."
The NHS has stressed that patients' electronic medical records have not been compromised.
From InfoSecurity, FastCompany and elsewhere:
A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.
According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".
Australian Brodcast Corporation reports:
'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom
A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.
The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.
Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries
The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.
The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.
As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]
Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.
Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA
Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now
Original Submission #1 Original Submission #2 Original Submission #3 Original Submission #4 Original Submission #5 Original Submission #6 Original Submission #7
(Score: 5, Insightful) by The Mighty Buzzard on Saturday May 13 2017, @01:34PM (13 children)
I hope the shit admins and beancounters who command them end up having to explain paying millions for not giving a flying fuck about securing some of our most sensitive personal information. It's never going to change until their pockets get hit.
My rights don't end where your fear begins.
(Score: 2) by takyon on Saturday May 13 2017, @01:39PM (1 child)
Judging by turgid's bit, it will become apparent soon if anybody died as a result of this. That's what we need: cyber deaths in hospitals. Long predicted, now delivered to you courtesy of the NSA's competing and counterproductive missions.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:31PM
It'll only be a reason for jacking up healthcare costs even more.
(Score: 1, Insightful) by Anonymous Coward on Saturday May 13 2017, @02:00PM
They'll just use it as a new excuse to curtail internet freedoms.
(Score: 3, Informative) by c0lo on Saturday May 13 2017, @02:05PM (2 children)
Jeremy Cunt 'ignored warning signs' before cyber-attack hit NHS [theguardian.com]
---
"Nobody was fired for buying Microsoft". I think there will be some heads to roll for not buying Microsoft [mirror.co.uk] (don't go there if you can avoid it).
---
It's not only an IT related disease [theguardian.com]
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by kaszz on Sunday May 14 2017, @05:56AM (1 child)
The Government Digital Service, set up by David Cameron , decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.
Amber Rudd, minister of interior says it's a prioritized questions to find out who's responsible and put them to justice. Britain were hit hard when IT-systems in hospitals went inoperable.
Hypocrites?
That 5.5 million GBP could have saved a lot of trouble. Not to mention a program to transform all Microsoft Windows usage everywhere in hospitals into solid Unix platforms. Perhaps even ReactOS or Wine is a alternative.
I can really see when the military get the same kind of infection. They will just sue the enemy! ;-)
It's a way to operate that just won't work.
(Score: 0) by Anonymous Coward on Sunday May 14 2017, @09:16AM
I mean... the person who blocked the support deal with Microsoft?
Oh, sorry, silly me.
(Score: 5, Insightful) by bradley13 on Saturday May 13 2017, @02:55PM (6 children)
Well, yes, the admins who were running insecure networks carry some fault. So does the government, that failed to disclose a weakness so that it could be repaired. This ought to be a lesson (but won't be) for all those clueless politicians who think that backdoors in encryption algorithms are a good idea. Backdoors never stay hidden, period.
But you know what strikes me? This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?
The people behind these ransomware attacks are certainly all part of an extended community. If their members were to start...disappearing...one after another, the community might just decide that the risk isn't worth the payday.
Everyone is somebody else's weirdo.
(Score: 3, Insightful) by AthanasiusKircher on Saturday May 13 2017, @06:03PM (3 children)
This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?
Uh, to spy on citizens, thereby increasing and consolidating governmental power, with the ultimate aim of producing a "benign" police state.
I thought that was their obvious purpose. The only thing more nefarious-sounding than "National Security Agency" is the term "Homeland Security."
(Score: 3, Insightful) by kaszz on Sunday May 14 2017, @05:59AM (2 children)
You always has to ask yourself who's security against whom. There's no such thing as a universal security that makes all bad things go away.
(Score: 3, Informative) by mcgrew on Sunday May 14 2017, @03:04PM (1 child)
I'm offtopic here, but "Who's" is a contraction for "who is". The word you want is whose.
I see this far too often on the internet.
We not only don't have all the answers, we don't even have all of the questions.
(Score: 2) by kaszz on Sunday May 14 2017, @03:09PM
Thanks. Good to learn something.
(Score: 2) by Runaway1956 on Sunday May 14 2017, @12:42AM (1 child)
"If their members were to start...disappearing..."
I kinda like that idea - but if they start on one community, who is to say they won't start on another community? They came for the Jews, and I didn't speak up . . . .
But, you're right. The NSA has all those resources available, which are wasted on silly crap. Make a phone call, so that Grandma can talk to her distant cousin in Fuckistan, and the NSA starts tracking all your phone calls? FFS, what a waste.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0) by Anonymous Coward on Sunday May 14 2017, @03:53PM
oh, it's not wasted on silly crap. it's spent on exactly what they mean to spend it on. a supranational surveillance state. has nothing to do with national defense.