
posted by takyon on Saturday May 13 2017, @01:26PM
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75,000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC report respectively about a large-scale ransomware attack on the NHS's Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Broadcasting Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now


  • (Score: 3, Informative) by kaszz on Saturday May 13 2017, @01:49PM (16 children)

    by kaszz (4211) on Saturday May 13 2017, @01:49PM (#509141) Journal

    According to Avast 99 countries are affected. Worst affected are Russia, Ukraine and Taiwan. Also British hospitals, Spanish telephone operator Telefónica, and US transportation company FedEx have been disrupted.

    The French car manufacturer Renault has been forced to stop manufacturing in Slovenia and at facilities in France, after being hit, according to AFP. In Russia banks and departments have been affected.

    This is the largest ransomware attack, says Rich Barger of the IT company Splunk to Reuters.

    Unlocking cost circa 300–600 US$.

    The used hole had a patch in 2017-03-14. (but then who trusts Microsoft to fix more than they screw up)

    When will Microsoft addicts take the hint that what they are using is digital poison?

  • (Score: 4, Insightful) by takyon on Saturday May 13 2017, @02:02PM (15 children)

    by takyon (881) on Saturday May 13 2017, @02:02PM (#509145) Journal

    If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.

    [SIG] 10/28/2017: Soylent Upgrade v14 []
    • (Score: 2) by kaszz on Saturday May 13 2017, @02:12PM (3 children)

      by kaszz (4211) on Saturday May 13 2017, @02:12PM (#509154) Journal

      Sure, but it's also more straightforward to protect those systems.

      Perhaps you are on to something: use as obscure a system as you can live with.

      • (Score: 2) by looorg on Saturday May 13 2017, @02:20PM (2 children)

        by looorg (578) on Saturday May 13 2017, @02:20PM (#509159)

        > Perhaps you are on to something: use as obscure a system as you can live with.

        It's a bit hard to try and use security by obscurity when you are running a nationwide healthcare system like the NHS. After all, people have to use and interact with the system daily.

        • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:16PM

          by Anonymous Coward on Saturday May 13 2017, @04:16PM (#509194)

          Training. It's a thing. Really.

        • (Score: 2) by kaszz on Saturday May 13 2017, @04:27PM

          by kaszz (4211) on Saturday May 13 2017, @04:27PM (#509197) Journal

          I was thinking more about small business and the alike.

    • (Score: 5, Insightful) by Runaway1956 on Saturday May 13 2017, @02:19PM (8 children)

      by Runaway1956 (2926) on Saturday May 13 2017, @02:19PM (#509158) Homepage Journal

      Correct. But, there's a difference between targeting Microsoft and Linux. With Microsoft, you wait, and wait, and wait, hoping that Microsoft might offer a patch for the hole in their system. With open source software, there will probably be a patch pretty soon. If the patch is not forthcoming, you can get on the mailing lists, to see WTF is taking so long. And, if it appears that the patch isn't coming, or not coming quickly enough, you can take mitigating actions. Worst case scenario, you can make the patch yourself. Or, worst-worst-case scenario, everyone says, "Fuck it, this shit's too hard, let's just make a new application that does something similar, but works differently."

      Your private safe room in the back of your mind? Trump pooped in it.
      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:19PM

        by Anonymous Coward on Saturday May 13 2017, @11:19PM (#509282)

        How many times have we seen Google's boffins go ahead and make public a hole in Redmond's ecosystem after waiting 90 days for MICROS~1 to patch that?

        ...and any time that an exploit has a logo, that's MSFT fanboys' work.
        Those guys like to make a big deal of every flaw in Linux.
        Just imagine how busy they'd be if they did the same thing for every MICROS~1-specific flaw.

        ...better still, how about putting that manpower into fixing their own bugs?

        > With open source software, there will probably be a patch pretty soon

        Heartbleed [] (orig) []

        > Bodo Moeller and Adam Langley of Google prepared the fix for Heartbleed. The resulting patch was added to Red Hat's issue tracker on March 21, 2014
        > Neel Mehta of Google's security team secretly reported Heartbleed [to OpenSSL, its maintainer] on April 1, 2014
        > Stephen N. Henson applied the fix to OpenSSL's version control system on 7 April

        -- OriginalOwner_ []

      • (Score: 2) by Lester on Sunday May 14 2017, @09:52AM (6 children)

        by Lester (6231) on Sunday May 14 2017, @09:52AM (#509405) Journal

        As Anonymous has posted, Heartbleed proves that the thousand eyes is a myth.

        There are four reasons why OSS systems are safer than Microsoft.

        1. OSS users are more advanced. There is no secure system when the user clicks yes to the message "This program demands to bypass security and change the system". The average Microsoft user is more likely to click yes than the average Linux or FreeBSD user.
        2. An OSS user doesn't usually run as root. Many Microsoft workstations are run with administrator powers, even nowadays, let alone old XP. Windows comes from the domestic world, where the user was alone so he had to be almighty, and also was not a technician, so they couldn't bother him with security complexities and tough security policies.
        3. Target Windows, target 95% of the world. Target Linux, FreeBSD, target 5%. Which system are criminals going to devote more time to investigating how to crack?
        4. It looks like the NSA works closely with Microsoft to keep software hackable.
        • (Score: 2) by mcgrew on Sunday May 14 2017, @03:16PM (4 children)

          by mcgrew (701) on Sunday May 14 2017, @03:16PM (#509478) Homepage Journal

          You seem to forget that there are probably more Linux machines than Windows machines; most phones and tablets use Android, which uses the Linux kernel.

          If your phone is lying on your desk, you have Linux (or BSD if iPhone) on the desktop.

          Free Martian whores! []
          • (Score: 2) by Lester on Sunday May 14 2017, @09:02PM (3 children)

            by Lester (6231) on Sunday May 14 2017, @09:02PM (#509607) Journal

            A) Aren't smartphones hacked? Yes, and a lot.

            B) Android is not Linux, it has a Linux kernel. But an operating system is much more than its kernel.

            • (Score: 2) by mcgrew on Thursday May 18 2017, @05:38PM (2 children)

              by mcgrew (701) on Thursday May 18 2017, @05:38PM (#511754) Homepage Journal

              A. They're hackable, any computer is, but they're far harder to crack than Windows. My guess is Android is easier than Android, since you don't have to jailbreak it to install software; you could get a dodgy APK file from the internet.

              B. Correct, Linux is not an OS, it's a kernel. Ubuntu, Red Hat, Android are OSes. Android on the desktop is no different than Red Hat on the desktop; Linux is the kernel for both.

              Free Martian whores! []
        • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @04:11PM

          by Anonymous Coward on Sunday May 14 2017, @04:11PM (#509502)

          Just because it doesn't apply equally to every piece of software under the sun doesn't mean it's a myth. You're either an idiot or a liar or both.

    • (Score: 2, Informative) by butthurt on Saturday May 13 2017, @03:24PM

      by butthurt (6141) on Saturday May 13 2017, @03:24PM (#509174) Journal

      > [...] that's what the next generation of ransomware will target.

      As a criminological concept, target hardening has some serious deficiencies. For one, it only works against opportunistic or amateurish criminals. A determined, clever criminal would probably not be deterred, and some cleverer ones might even be attracted to hardened targets. [...] Some targets are relatively unhardened, or not hardened in depth. Other, unhardened targets (ones you might never think of) become targets. Displacement effects are, of course, quite common in crime prevention, but they occur in numerous ways with target hardening. Potential offenders simply go elsewhere.

      -- []

    • (Score: 2) by stormreaver on Sunday May 14 2017, @02:31AM

      by stormreaver (5101) on Sunday May 14 2017, @02:31AM (#509322)

      > If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.

      Except that getting it to spread will be much, much, Much, MUCH harder because Linux systems have much, much, Much, MUCH better internals and externals.