“One NSA tool, an exploit of Microsoft Windows called EternalBlue, is being used as one method for rapidly spreading a ransomware variant called WannaCry across the world.”
Forbes — Friday May 12 2017
A massive cyberattack that infected computers with ransomware is crippling major institutions and companies in scores of countries.
[Quick comment: I have written that the alleged DNC hacking by Russia does not amount to an “Act of war”. However, if a State is proven guilty of this cyber attack and if there are casualties, then I would argue that it may very well be considered as an “Act of war”. More about this later…]
On Friday, a major cyberattack hit hospitals, telecommunications firms and other companies in nearly 100 nations. The virus infects computer files and then demands bitcoins to unblock them.
The attack appeared to exploit a vulnerability purportedly identified for use by the U.S. National Security Agency and later leaked to the internet.
The attack hit Britain’s health service, forcing affected hospitals to close wards and emergency rooms.
In a matter of hours, 75,000 cases of the ransomware – known as WannaCry and variants of that name – were reported around the world.
There have been reports of infections in 99 countries, including the UK, US, China, Russia, Ukraine, Spain, Italy and Taiwan. It is reported that the attack has hit Russia hardest.
How to Accidentally Stop a Global Cyber Attacks
Here is the amazing story of the man who singlehandedly stopped the virus.
I woke up at around 10 AM. (The person was actually on vacation!) There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet.
I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.
When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit.
I was quickly able to get a sample of the malware. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.
ProofPoint researcher Darien Huss [realized] that our registration of the domain had actually stopped the ransomware and prevented the spread.
So why did our sinkhole cause an international ransomware epidemic to stop?
The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.
I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox and the malware exits to prevent further analysis.
(Read the full story here)
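The domain check described in the account above, modeled as an added example (not code from the original post or from the malware itself). The placeholder domain and the three resolver functions are constructed for illustration, and the `.invalid` audit is a defender-side check for whether an analysis environment answers every DNS lookup.

```python
import secrets
import socket

# Hypothetical placeholder; the real domain is not given on this page.
PLACEHOLDER_DOMAIN = "unregistered-placeholder.example"


def system_resolves(name):
    """True if the local resolver returns any address for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def domain_check_says_sandbox(resolves, domain=PLACEHOLDER_DOMAIN):
    """Model of the check described above: a reply for a domain expected
    to be unregistered is read as 'I am in a sandbox'."""
    return resolves(domain)


def audit_catch_all(resolves=system_resolves, probes=5):
    """Defender-side audit: look up random names under .invalid, which
    RFC 6761 reserves as never resolvable. Any answer means the analysis
    environment fakes DNS replies and is visible to this kind of check."""
    names = [secrets.token_hex(12) + ".invalid" for _ in range(probes)]
    answered = [n for n in names if resolves(n)]
    return {"probed": len(names), "answered": len(answered),
            "catch_all": bool(answered)}


# Constructed resolvers standing in for the three situations in the story.
def before_registration(name):      # real DNS, domain still unregistered
    return False

def catch_all_sandbox(name):        # sandbox that answers every lookup
    return True

def after_sinkhole(name):           # real DNS once the domain is registered
    return name == PLACEHOLDER_DOMAIN


if __name__ == "__main__":
    for env in (before_registration, catch_all_sandbox, after_sinkhole):
        print(env.__name__,
              "check says sandbox:", domain_check_says_sandbox(env),
              "| audit:", audit_catch_all(env))
```

The single-domain check gives the same answer in the catch-all sandbox and on the real internet after the sinkhole registration, which is why registering the domain had the effect of a kill switch; only the random-name audit tells the two environments apart.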
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Europol said its cyber-crime team, EC3, was working closely with similar teams in the affected countries to “mitigate the threat and assist victims”.
In the UK, the head of the cyber security agency said experts were “working around the clock” to restore the systems of some 45 NHS organisations in England and Scotland that were hit by the attack.
Massive ‘Ransomeware’ Cyber Attack Worldwide
Cyberattack cripples institutions, companies around the world