Hackers exploit stolen US spy agency tool to launch global cyberattack


The ransomware used in Friday's cyberattacks encrypts files and demands that victims pay US$300 in bitcoin for them to be decrypted, the latest in a vexing style of security breaches that, at the very least, forces organisations to revert to backup systems to keep critical systems running. It's important to avoid clicking on links or opening attachments in those messages, since they could unleash malware, Villasenor said.

The assault is part of an attack that has affected organisations in more than 70 countries, including the US, China, Russia and Spain, and disrupted power and telephone companies. "We are implementing remediation steps as quickly as possible", it said in a statement.

Several employees of MegaFon, one of the largest cellphone operators in the Russian Federation, said its systems had been attacked Friday by malware like that used against the British health service, the news website Meduza.io reported.

As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace.

Nissan said it is "working to resolve the issue", though it is unclear whether the attack by ransomware, a type of software which hijacks files until the company pays a ransom, has affected production at the Japanese vehicle giant.

Portugal Telecom, the delivery company FedEx and a Swedish local authority were also affected.

The Spanish government said several companies had been targeted in a ransomware cyberattack that affected the Windows operating system of employees' computers.

At the time, some cyber-security experts said some of the malware was real, but old.

The US Department of Homeland Security said on Friday that the patch, released by Microsoft on March 16, "addresses this specific vulnerability, and installing this patch will help secure your systems from the threat". The Shadow Brokers had previously begun to release the entire library of NSA's powerful hacking tools in August.

In December it was reported almost all NHS trusts were using an obsolete version of Windows that Microsoft had stopped providing security updates for in April 2014.

It said, "Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt". The company was providing assistance to customers, it added.

Dozens of GP surgeries, practices and hospitals were hit by the "ransomware" attack demanding money to recover files yesterday.

NHS hospitals have been forced to divert emergency ambulances and cancel operations after their computer systems were hit by a massive cyber attack.

The malware that has affected Telefonica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by security researchers MalwareHunterTeam, at 9:45am on 12 May. The ransomware typically demands payment to undo changes that the Trojan virus has made to the victim's computer, which range from encrypting data stored on the victim's disk to blocking normal access. The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

Britain's National Crime Agency said it was investigating the attack.

Edward Snowden, the fugitive former NSA contractor, criticized the agency for not revealing the vulnerability to certain organizations, such as hospitals, and said Congress should push the NSA on other potential flaws.