Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. According to security researchers, the ransomware exploits a vulnerability in Microsoft's Windows operating system that was disclosed in an April leak of NSA spying tools. But authorities in Spain said Spanish companies were among those targeted. The kill switch appears to work like this: If the malicious program can't connect to the domain, it'll proceed with the infection.
It is not yet clear whether the attacks are all connected. "It came to light that a side effect of us registering the domain stopped the spread of the infection", he said in an email.
Alan Woodward, visiting professor of computing at the University of Surrey, said there was evidence the ransomware was spreading using a Microsoft flaw exposed in a recent leak of information from US intelligence agencies.
"We are also working with CERT NZ to provide information on how individuals, small businesses and operators of larger systems can reduce their vulnerability to ransomware attacks". He warned that other versions of the same ransomware strain may be out there that have fixed the kill-switch problem or are configured to contact another web domain.
No patient data was believed to have been accessed by the ransomware attack but it was unclear whether it had impacted any emergency cases. At least some of those emails appeared to be messages from a bank about a money transfer, according to Cisco's Talos group.
He said consumers who have up-to-date software are protected from this ransomware. The outbreak was first reported in the United Kingdom, where hospital computers suddenly got locked by ransomware demanding $300 in bitcoin to give back acccess to files.
"This appears to be the first incidence of the use of an NSA exploit in a broad and far reaching cybercriminal campaign", John Bambenek of Fidelis Cybersecurity said.
Liam Payne fans ecstatic as One Direction star teases new music
Another added: "I'm so proud of you Li!" But Liam has plenty of competition in the charts from his former One Direction bandmates. The insider continued: " Liam was in Los Angeles and was told that Ed was beginning to write a song with Liam in mind".
The hacking tool, dubbed EternalBlue, can make it easy to hijack unpatched older Windows machines.
Malicious software that blocks access to computers is spreading swiftly across the world, snarling critical systems in hospitals, telecommunications and corporate offices, apparently with the help of a software vulnerability originally discovered by the National Security Agency.
As the malware that affected the National Health Service (NHS) England hospitals continues to spread across various parts of the world, Kaspersky Lab, a cybersecurity company based in Moscow, has published a blog post in which it estimates that 45,000 attacks have been carried out in 74 countries, mostly in Russian Federation.
The National Health Service (NHS) said 16 of its organizations reported they were victims.
The ransomware was created to work in numerous languages, including English, Chinese and Spanish, with ransom notes in each. In February 2016, the Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.
Thus, every time the NSA discovers a new vulnerability, it is supposed to go through an "equities process", in which it determines whether it is better to disclose the vulnerability to software companies (so that USA citizens, firms and the government can be protected) or keep it for its own use (so that it can compromise foreign systems).
Comments