Hospitals, major companies and government offices have been hit by an enormous rush of cyberattacks over the globe that seize control of PCs until the casualties pay a payoff.
Cybersecurity firm Avast said it has tracked more than 75,000 attacks in 99 countries. It said the majority of the attacks targeted Russia, Ukraine and Taiwan.
It said the majority of the attacks targeted Russia, Ukraine and Taiwan. But hospitals in the U.K., and global firms like Fedex (FDX) also reported they had come under assault.
The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them.
The ransomware, called “WannaCry,” is spread by exploiting a Windows powerlessness that Microsoft (MSFT, Tech30) released a security fix for in March. However, PCs and systems that haven’t refreshed their frameworks are at risk. The exploit was released a month ago as a major aspect of a trove of NSA spy tools.
“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”
Sixteen National Health Service (NHS) associations in the UK have been hit, and some of those clinics have wiped out outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom organization Telefónica (TEF) was additionally hit with the ransomware.
Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to fix.
“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” UK-based security architect Kevin Beaumont said.
Fedex said it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible.
Russia’s Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now “localized.” The statement said antivirus systems are working to destroy it.
Megafon, a Russian telecommunications company, was also hit by the attack. Spokesman Petr Lidov told CNN that it affected call centers but not the company’s networks. He said the situation is now under control.
The U.S. Department of Homeland Security, in a statement late Friday, encouraged people to update their operating systems. “We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally,” the department said.
Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is “the most significant factor” in the global outbreak.
Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections. Although it won’t do any good for machines that have already been hit.
He said it’s likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.
“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years, and warned that businesses would be most at risk.
Consumers who have up-to-date software are protected from this ransomware. Here’s how to turn automatic updates on.
It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of defenseless machines with a backdoor called DOUBLEPULSAR.
Reference : www.money.cnn.com