With New Digital Tools, Even Nonexperts Can Wage Cyberattacks
Posted in: Legal & Security at 14/05/2017 22:36
Hackers are discovering that it is far more profitable to hold your data hostage than it is to steal it.
A decade-old internet scourge called ransomware went mainstream on Friday when cybercriminals seized control of computers around the world, from the delivery giant FedEx in the United States to Britain’s public health system, universities in China and even Russia’s powerful Interior Ministry.
On Saturday, investigators could not yet tell who was behind the attack as security experts around the world raced to contain it. Across Asia, several universities and organizations said they had been affected. Renault, the European automaker, said on Saturday that its French operations had been hit, while one of its plants in Slovakia was shut down because of the digital outbreak.
More than 150 countries affected by massive cyberattack, Europol says
Europol confirmed Sunday that computer networks in more than 150 countries and more than 200,000 people had been affected by one of the biggest cybersecurity attacks in recent history. “It is the biggest ransomware attack ever,” Europol spokesman Jan Op Gen Oorth said.
The number of affected networks and individuals is likely to go up, he said, because “many workers left their computer turned on last Friday and will probably find out that they are also affected by the malware on Monday morning.”
Cyberattack’s Impact Could Worsen as Computers Are Turned On Monday
Security experts warned that the global cyberattack that began on Friday might be magnified in the new workweek as users return to their offices and turn on their computers.
Many workers, particularly in Asia, had already logged off on Friday when the malicious software, stolen from the United States government, began proliferating across computer systems around the world. So the true impact of the attack may emerge on Monday as employees return and log in.
Ransomware attack reveals breakdown in US intelligence protocols, expert says
The attack that temporarily crippled the NHS in Britain and dozens of other institutions across Europe and Russia reveals the failure of the US government’s protocols for warning software developers and the private sector about system vulnerabilities, a cyber-security expert told the Guardian.
Under the vulnerability equities process (VEP) established by the US government, US intelligence agencies are supposed to collectively determine whether to disclose a vulnerability it has obtained or discovered – so the software developer has a chance to fix the problem – or withhold the information to use the flaw for offensive or defensive purposes.
How a $10.69 purchase may have sidelined the global malware attack
As the world began Friday to understand the dimensions of Wanna Decryptor 2.0, the ransomware that has crippled computers worldwide, a vacationing British cybersecurity researcher was already several steps ahead.
About 3 p.m. Eastern time, the specialist with U.S. cybersecurity enterprise Kryptos Logic bought an unusually long and nonsensical domain name ending with “gwea.com.” The 22-year-old says he paid $10.69, but his purchase might have saved companies and governmental institutions around the world billions of dollars.
'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.
Cyber-attack sparks bitter political row over NHS spending
The cyber-attack that disrupted NHS systems and forced operations to be cancelled throughout the UK on Saturday has become a bitterly contested election issue, with Labour and the Liberal Democrats blaming the crisis on the government’s failure to upgrade hospital computers.
A Cobra emergency ministerial meeting held on Saturday afternoon heard that 48 NHS organisations – a fifth of the total – were caught up in the attack, which spread to 99 countries.