One Year Ago — Cyberattack Cripples Institutions Around The World

“One NSA tool, an exploit of Microsoft Windows called EternalBlue, is being used as one method for rapidly spreading a ransomware variant called WannaCry across the world.”

Forbes — Friday May 12 2017

May 12 2017 — A massive cyberattack that infects computers with ransomware is crippling major institutions and companies in scores of countries.


UPDATE (May 12 2018) — In December 2017, the United States, United Kingdom and Australia formally asserted that North Korea was behind the attack.

North Korea denied being responsible for the cyberattack.

Marcus Hutchins — who managed to temporarily stop the WannaCry ransomware attack — was arrested in Las Vegas in August 2017.

US Prosecutors allege that Hutchins assisted in the creation and spread of a piece of banking malware known as Kronos in 2014 and 2015. The charges are not related to WannaCry.

Hutchins denied any wrongdoing and pleaded not guilty to the charges against him in August 2017. He is out on bail pending trial and remains in Los Angeles.

END of UPDATE

On Friday (May 12 2017), a major cyberattack hit hospitals, telecommunications firms and other companies in nearly 100 nations. The virus infects computer files and then demands bitcoins to unblock them.

The attack appeared to exploit a vulnerability purportedly identified for use by the U.S. National Security Agency and later leaked to the internet.

The attack hit Britain’s health service, forcing affected hospitals to close wards and emergency rooms.

In a matter of hours, 75,000 cases of the ransomware – known as WannaCry and variants of that name – were reported around the world.

There have been reports of infections in 99 countries, including the UK, US, China, Russia, Ukraine, Spain, Italy and Taiwan. It is reported that the attack has hit Russia hardest.

How to Accidentally Stop a Global Cyber Attacks

Here is the amazing story of Marcus Hutchins, the man who singlehandedly stopped the virus.

“I woke up at around 10 AM. (The person was actually on vacation!) There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet.

I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.

When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit.

I was quickly able to get a sample of the malware. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.

ProofPoint researcher Darien Huss [realized] that our registration of the domain had actually stopped the ransomware and prevented the spread.

So why did our sinkhole cause an international ransomware epidemic to stop?

The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.

I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox, and the malware exits to prevent further analysis.” (Read the full story here)

EUROPOL

Europol also warned a “complex international investigation” was required “to identify the culprits”.

Europol said its cyber-crime team, EC3, was working closely with similar teams in the affected countries to “mitigate the threat and assist victims”.

In the UK, the head of the cyber security agency said experts were “working around the clock” to restore the systems of some 45 NHS organisations in England and Scotland that were hit by the attack.

Massive ‘Ransomeware’ Cyber Attack Worldwide

REFERENCES

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak — Forbes

How to Accidentally Stop a Global Cyber Attacks

Cyber-attack: Europol says it was unprecedented in scale — BBC


Cyberattack cripples institutions, companies around the world
