From Politico via Edward Snowden via Vinay Gupta:
Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.
The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - have forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.
The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.
One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million of ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.
Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.
Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.
Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.
It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.
The Guardian and the BBC report respectively about a large-scale ransomware attack on its Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.
About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.
From one of the Guardian reports:
According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."
The NHS has stressed that patients' electronic medical records have not been compromised.
From InfoSecurity, FastCompany and elsewhere:
A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.
According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".
Australian Brodcast Corporation reports:
'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom
A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.
The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.
Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries
The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.
The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.
As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]
Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.
Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA
Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now
Original Submission #1 Original Submission #2 Original Submission #3 Original Submission #4 Original Submission #5 Original Submission #6 Original Submission #7
(Score: 4, Insightful) by takyon on Saturday May 13 2017, @02:02PM (15 children)
If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by kaszz on Saturday May 13 2017, @02:12PM (3 children)
Sure, but it's also more straightforward to protect those systems.
Perhaps you are on to something, use as a obscure system you can live with.
(Score: 2) by looorg on Saturday May 13 2017, @02:20PM (2 children)
Perhaps you are on to something, use as a obscure system you can live with.
It's a bit hard to try and use security by obscurity when you are running a nation wide healthcare system like the NHS. After all people have to use and interact with the system daily.
(Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:16PM
Training. It's a thing. Really.
(Score: 2) by kaszz on Saturday May 13 2017, @04:27PM
I was thinking more about small business and the alike.
(Score: 5, Insightful) by Runaway1956 on Saturday May 13 2017, @02:19PM (8 children)
Correct. But, there's a difference between targeting Microsoft and Linux. With Microsoft, you wait, and wait, and wait, hoping that Microsoft might offer a patch for the hole in their system. With open source software, there will probably be a patch pretty soon. If the patch is not forthcoming, you can get on the mailing lists, to see WTF is taking so long. And, if it appears that the patch isn't coming, or not coming quickly enough, you can take mitigating actions. Worst case scenario, you can make the patch yourself. Or, worst-worst-case scenario, everyone says, "Fuck it, this shit's to hard, let's just make a new application that does something similar, but works differently."
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:19PM
How many times have we seen Google's boffins go ahead and make public a hole in Redmond's ecosystem after waiting 90 days for MICROS~1 to patch that?
...and any time that an exploit has a logo, that's MSFT fanboys' work.
Those guys like to make a big deal of every flaw in Linux.
Just imagine how busy they'd be if they did the same thing for every MICROS~1-specific flaw.
...better still, how about putting that manpower into fixing their own bugs?
With open source software, there will probably be a patch pretty soon
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Lester on Sunday May 14 2017, @09:52AM (6 children)
As Anonymous has posted, Heartbleed probes that the thousands eyes is a myth.
There are four reasons why OSS syztems are safer than microsoft.
(Score: 2) by mcgrew on Sunday May 14 2017, @03:16PM (4 children)
You seem to forget that there are probably more Linux machines than Windows machines; most phones and tablets use Android, which uses the Linux kernel.
If your phone is laying on your desk, you have Linux (or BSD if iPhone) on the desktop.
A man legally forbidden from possessing a firearm is in charge of America's nuclear arsenal. Have a nice day.
(Score: 2) by Lester on Sunday May 14 2017, @09:02PM (3 children)
A) Aren't smartphones hacked? Yes, and a lot.
B) Android is not Linux, it has a linux kernel. But an operating system is much more than its kernel.
(Score: 2) by mcgrew on Thursday May 18 2017, @05:38PM (2 children)
A. They're hackable, any computer is, but they're far harder to crack than Windows. My guess is Android is easier than Android, since you don't have to jailbreak it to install software; you could get a dodgy APK file from the internet.
B. Correct, Linux is not an OS, it's a kernel. Ubuntu, Red Hat, Android ar OSes. Android on the desktop is no different than Red Hat on the desktop; Linus is the kernel for both.
A man legally forbidden from possessing a firearm is in charge of America's nuclear arsenal. Have a nice day.
(Score: 2) by kaszz on Thursday May 18 2017, @05:49PM (1 child)
My guess is Android is easier than Android,
Hmm? ;)
(Score: 2) by mcgrew on Friday May 19 2017, @03:04PM
What young folks call a "brain fart" and my mom calls a "senior moment". It should read "Android is easier than iPhone" since you have to jailbreak an iPhone to sideload apps.
A man legally forbidden from possessing a firearm is in charge of America's nuclear arsenal. Have a nice day.
(Score: 0) by Anonymous Coward on Sunday May 14 2017, @04:11PM
just because it doesn't apply equally to every piece of software under the sun doesn't mean it's a myth. you're either an idiot or a liar or both.
(Score: 2, Informative) by butthurt on Saturday May 13 2017, @03:24PM
> [...] that's what the next generation of ransomware will target.
As a criminological concept, target hardening has some serious deficiences. For one, it only works against opportunistic or amateurish criminals. A determined, clever criminal would probably not be deterred, and some cleverer ones might even be attracted to hardened targets. [...] Some targets are relatively unhardened, or not hardened in depth. Other, unhardened targets (ones you might never think of) become targets. Displacement effects are, of course, quite common in crime prevention, but they occur in numerous ways with target hardening. Potential offenders simply go elsewhere.
-- https://web.archive.org/web/20070712144216/http://www.apsu.edu/oconnort/3440/3440lect06a.htm [archive.org]
(Score: 2) by stormreaver on Sunday May 14 2017, @02:31AM
If people start running Linux and BSD on hospital/FedEx/etc. computers, then that's what the next generation of ransomware will target.
Except that getting it to spread will be much, much, Much, MUCH harder because Linux systems have much, much, Much, MUCH better internals and externals.