SoylentNews is people

posted by takyon on Saturday May 13 2017, @01:26PM
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75,000 Microsoft Windows computers in 99 countries. First, anti-virus software such as Avast fails to make HTTP connections. Second, some five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, the rate of successful attacks was above 1%. Of those hit, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransoms, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers; ransomware of this kind affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with the aid of the NSA's Fuzzbunch exploit framework. One upside of a public blockchain: ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part because the hospital telephone exchange was offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC report on a large-scale ransomware attack on the NHS's Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry; it encrypts files on the PC's hard disk and demands bitcoin to decrypt them.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Broadcasting Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug (Microsoft security bulletin MS17-010) was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now
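The kill switch referred to above worked because the malware tests whether a particular domain answers before it spreads and stops if it does; once the researcher registered the domain, the check started succeeding. The block below is an added example, not WannaCry's code and not from any outlet quoted on this page. It models that gate with an injectable resolver, then shows the defender's side: sweeping resolver or sinkhole query logs for clients that performed the check, which is how infected hosts that never reached the payload get found. `KILL_SWITCH_DOMAIN` is a placeholder, not the real domain, and `SAMPLE_QUERY_LOG` is constructed.

```python
"""
Kill-switch mechanics. Added example for this page: not WannaCry's code and
not from any outlet quoted above. KILL_SWITCH_DOMAIN is a placeholder and
SAMPLE_QUERY_LOG is constructed, not captured.
"""
import re
import socket
from typing import Callable, Iterable, List

KILL_SWITCH_DOMAIN = "killswitch.example"  # placeholder (assumption), not the real domain

Resolver = Callable[[str], str]


def reachable(domain: str, resolver: Resolver = socket.gethostbyname) -> bool:
    """Model of the check: True if the name resolves, False on NXDOMAIN or any
    other lookup failure (socket.gaierror is a subclass of OSError)."""
    try:
        resolver(domain)
        return True
    except OSError:
        return False


def should_abort(resolver: Resolver = socket.gethostbyname,
                 domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """Malware-side gate: test the domain before spreading and exit if it
    answers. Registering the domain flipped this to True wherever the host
    could reach public DNS. Caveat: a machine with no route to public DNS, or
    behind a proxy that swallows the request, still gets False and keeps
    spreading, so registration is containment, not a patch."""
    return reachable(domain, resolver)


def unregistered(domain: str) -> str:
    """Resolver stand-in for the pre-registration state: every lookup fails."""
    raise socket.gaierror(-2, "Name or service not known")


def registered(domain: str) -> str:
    """Resolver stand-in after registration: the sinkhole answers."""
    return "198.51.100.7"  # RFC 5737 documentation address, placeholder


# Defender side: the sinkhole's (or the enterprise resolver's) query log
# lists every client that performed the check, i.e. every infected host.
QUERY_RE = re.compile(
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)"
)

SAMPLE_QUERY_LOG = [  # constructed BIND-style query-log lines
    "13-May-2017 13:21:04.117 client 10.20.30.41#51234: query: killswitch.example IN A + (10.0.0.2)",
    "13-May-2017 13:21:05.002 client 10.20.30.41#51301: query: www.example.org IN A + (10.0.0.2)",
    "13-May-2017 13:22:19.880 client 10.20.30.77#49152: query: KILLSWITCH.EXAMPLE. IN A + (10.0.0.2)",
    "13-May-2017 13:25:00.431 client 10.20.31.9#40001: query: updates.example.net IN AAAA + (10.0.0.2)",
]


def hosts_that_looked_up(lines: Iterable[str], domain: str = KILL_SWITCH_DOMAIN) -> List[str]:
    """Sorted, de-duplicated client IPs that queried `domain` (case-insensitive,
    trailing dot ignored). Each one ran the kill-switch check and should be isolated."""
    wanted = domain.lower().rstrip(".")
    hits = set()
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group("name").lower().rstrip(".") == wanted:
            hits.add(m.group("ip"))
    return sorted(hits)


if __name__ == "__main__":
    print("before registration, spreads:", not should_abort(unregistered))
    print("after registration, aborts:", should_abort(registered))
    print("hosts to isolate:", hosts_that_looked_up(SAMPLE_QUERY_LOG))
```

The log sweep is the useful half for a responder: a host that resolved the domain and then went quiet was infected and was stopped by the gate, and it is still carrying the worm until it is patched or SMBv1 is switched off.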


  • (Score: 2) by turgid on Saturday May 13 2017, @01:34PM (19 children)

    by turgid (4318) Subscriber Badge on Saturday May 13 2017, @01:34PM (#509136) Journal

    It's expensive. You get what you pay for.

    /me ducks.

  • (Score: 2) by Geezer on Saturday May 13 2017, @01:56PM (17 children)

    by Geezer (511) on Saturday May 13 2017, @01:56PM (#509143)

    Issue here has nothing to do with closed/open architecture, and everything to do with bad original design (Microsoft), bad internal security (NSA), idiot users (who open phishing emails), rent-seeking MBAs/PHBs who don't budget for adequate security, and lazy/incompetent sysadmins who forgo/delay security patches.

    Obviously the whole world needs to run FreeBSD with pfSense and without systemd, right?

    OSS: The guaranteed panacea for every computing need!

    /sarcasm

    • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @03:48PM (4 children)

      by Anonymous Coward on Saturday May 13 2017, @03:48PM (#509185)

      When I was an admin at a large three-letter computer company in a previous life, updates had to be agreed on with all stakeholders via a change control process. The end result was that updates were applied twice a year, on a Sunday morning at 4am.

      I expect the NHS to be just as conservative, if not more so. All an admin can do is complain and then clean up the mess when the shit hits the fan.

      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:14PM (1 child)

        by Anonymous Coward on Saturday May 13 2017, @04:14PM (#509192)

        I too was in such a situation, and always giggled with sadistic glee when we got hit with childishly preventable problems. As the business twisted in the wind while we "cleaned up the mess", it was positively fascinating watching the blizzard of company-wide memos from horror-stricken C-levels trying to do damage control on something they brought on themselves.

        Any CIO/CTO who agrees to an update regimen as you describe is a boob, and deserves the outcome. Minions, meanwhile, can hopefully soak up the overtime pay and enjoy the new shop jokes to tell over a beer.

        There's a bright side to everything. :-)

      • (Score: 2) by sjames on Sunday May 14 2017, @05:56PM

        by sjames (2882) on Sunday May 14 2017, @05:56PM (#509561) Journal

        Just remember, most stake holders think progress is a vampire.

      • (Score: 2) by kaszz on Monday May 15 2017, @02:46AM

        by kaszz (4211) on Monday May 15 2017, @02:46AM (#509714) Journal

        Why not a Saturday morning such that you would have two days of margin instead of one?

    • (Score: 5, Insightful) by sjames on Saturday May 13 2017, @05:12PM (11 children)

      by sjames (2882) on Saturday May 13 2017, @05:12PM (#509205) Journal

      Let's narrow it down a bit. Don't blame the sysadmins this time, they can't apply patches that don't exist. Those rent seeking MBAs didn't renew the extended support contract nor did they provide a budget to migrate away from XP.

      And let's not forget that MS perfected the email virus. Way back in the olden days, in spite of persistent hoaxes, jokes, and paranoid ramblings, you couldn't get a virus from email or any other text document. We all had a good laugh about the honor system virus and, of course the good times virus. It took the dumbest (and possibly most expensive) series of design decisions in the history of computing on the part of MS to bring all of this to life. It's not as if they weren't warned and strenuously urged to reverse their decision to make email and documents executable. They were also warned that blurring the line between opening something and running something was a very bad idea. Then just to make sure to enable the coming avalanche of email horrors, they hid the distinction between an executable and a file that executable might open.

      Yes, the NSA gets its share of the blame for developing a cyberweapon and then leaking it to the world. Imagine if Los Alamos had accidentally published everything you needed to build an atomic bomb shortly after Hiroshima.

      The users aren't blameless provided they have received training about the dangers of clicking on emails, but they were set up by MS's series of blunders.

      • (Score: 3, Insightful) by kaszz on Saturday May 13 2017, @05:17PM (10 children)

        by kaszz (4211) on Saturday May 13 2017, @05:17PM (#509206) Journal

        Email using HTML is a scourge and, to top it off, Microsoft leaves SMB ports open, which is buggy of course.

        ASCII is the right way (minus some esc codes that still may get into the open-execute-paradigm)

        • (Score: 1) by anubi on Sunday May 14 2017, @09:07AM (9 children)

          by anubi (2828) on Sunday May 14 2017, @09:07AM (#509399) Journal

          Now that you mention it, the only files I feel perfectly safe opening in my computer are .txt files in notepad.

          Just like I used to open .BAT files perfectly safely with my EDT editor. No matter what they were.... perfectly safe.

          These "business-grade" systems I use these days have me on edge every time I have to open a file. Especially email attachments.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by kaszz on Sunday May 14 2017, @11:20AM (8 children)

            by kaszz (4211) on Sunday May 14 2017, @11:20AM (#509427) Journal

            If they have such weaknesses, they are certainly not "business-grade". It's only something marketdroids will use.
            Why do you use a Microsoft environment to get work done?

            • (Score: 2) by mcgrew on Sunday May 14 2017, @03:11PM (7 children)

              by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:11PM (#509477) Homepage Journal

              Well DUH, you use the equipment the company you work for buys.

              --
              Free Martian whores! [mcgrewbooks.com]
              • (Score: 2) by kaszz on Sunday May 14 2017, @03:28PM (6 children)

                by kaszz (4211) on Sunday May 14 2017, @03:28PM (#509485) Journal

                Well that is true. But maybe you could ask for a machine where you can install Unix to work?
                Of course that depends on the micromanagement degree of the workplace gods..

                • (Score: 2) by mcgrew on Thursday May 18 2017, @05:32PM (5 children)

                  by mcgrew (701) <publish@mcgrewbooks.com> on Thursday May 18 2017, @05:32PM (#511751) Homepage Journal

                  I'm retired now, but using your own device or software at work was strictly forbidden. I need MS Office now because magazines demand stories be in .doc format. I write in Lo and Oo but need MS Word to make sure it will open the files. Business (most businesses, anyway, there are exceptions, like Ball) and governments have mostly standardized on the decidedly non-standard Microsoft.

                  I find it amusing when people ask when the "year of Linux on the desktop" will be, because if you lay your phone on a desk, you already have either Linux or BSD on the desktop depending on whether it's an iPhone or Android.

                  I've been using Linux at home since Mandrake. I hate what they've done to KDE. I'm really glad Lo will now usually write .doc files all right. It didn't used to, Oo still won't AFAIK.

                  --
                  Free Martian whores! [mcgrewbooks.com]
  • (Score: 3, Insightful) by mcgrew on Sunday May 14 2017, @03:08PM

    by mcgrew (701) <publish@mcgrewbooks.com> on Sunday May 14 2017, @03:08PM (#509475) Homepage Journal

    You get what you pay for.

    I suspect your tongue is firmly in your cheek, but want to point out to others that the statement is a salesman's lie. For instance, Aleve is identical to generic naproxen sodium, but costs three times as much.

    You do usually pay for what you get, and often pay more than what you get.

    --
    Free Martian whores! [mcgrewbooks.com]