NHS England hit by 'cyber attack'

Discussion in 'other security issues & news' started by clubhouse1, May 12, 2017.

  1. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,816
    Location:
    U.S.A.
  2. snerd

    snerd Registered Member

    Joined:
    Dec 8, 2007
    Posts:
    130
    Location:
    Arkansas USA
    It's pretty crazy that so many businesses today use really old copies of Windows XP, and have not even at least patched it! This stuff happens over and over, yet they continue to use the same old crummy systems and do not have reliable backups. I guess their reasoning is that it's easier to just pay the $300 Million ransom?!
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware

     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today

     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
    As already posted in other threads on the board about the same issue, for example here, a kill switch was found to stop the spreading of the ransomware cyber-attack. So let's hope that that will indeed stop the further spreading. But I guess that it doesn't help systems that are already infected by this ransomware and that have their files already encrypted and that have no proper backups.

    Some more from the Fox-IT blog:
    https://blog.fox-it.com/2017/05/12/...-large-amounts-of-computers-around-the-world/

     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As I posted in the other thread I created on this issue, this is a new variant of the malware. When I checked VT early yesterday morning, none of the AI solutions there had detected it. Most of the major AV vendors did have sigs for it within a few hours after it appeared in the wild.

    As far as the constant spread of the malware throughout yesterday, that one is hard to determine. Many corps. don't allow for auto updating of their endpoints but rather delay updating till AV updates are tested. Then they are deployed to all endpoints on the network. Also since this malware exploited existing vulnerabilities, one being a kernel level exploit, any security product mitigation would have been impaired.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
    OK, thanks itman!

    PS: that other thread is the Telefonica thread https://www.wilderssecurity.com/thr...ters-amid-massive-ransomware-outbreak.393952/
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Been watching the Live Botnet Attack Map this AM.

    What is striking are two things:

    1) The wcrypt attacks continue at a fairly rapid rate.

    2) The percentage of tracked attacks this morning (EST) are predominantly wcrypt attacks, unlike yesterday afternoon (EST).
     
    Last edited: May 13, 2017
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    LOL, yes it's ridiculous, they only have themselves to blame. Most "next gen" AVs would have easily blocked this attack. I really wonder what type of defense all of these companies were using.
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Live Attack Tracking Map is back online.

    https://intel.malwaretech.com/pewpew.html
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    FYI: The owner/operator of intel.malwaretech.com apparently is the "Accidental Hero" who was reported late yesterday as at least temporarily stopping the attacks by creating a sinkhole (until the crooks rework(ed) their code).

    Details of how he did it are at:

    https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

    So it is unclear (to hawki) if the attacks shown on the live map are having a malicious result.
     
    Last edited: May 13, 2017
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "...Europol also warned a 'complex international investigation' was required 'to identify the culprits.'

    Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday. ....

    Although the spread of the malware - known as WannaCry and variants of that name - appears to have slowed, the threat is not yet over.

    Europol said its cyber-crime team, EC3, was working closely with affected countries to mitigate the threat and assist victims...

    Coincidentally, finance ministers from the G7 group of leading industrial countries had been meeting on Friday to discuss the threat of cyber-attacks...

    The number of infections seems to be slowing after a "kill switch" appears to have been accidentally triggered by a UK-based cyber-security researcher tweeting as @MalwareTechBlog.

    But in a BBC interview, he warned that it was only a temporary fix. 'It is very important that people patch their systems now because there will be another one coming and it will not be stoppable by us,' he said..."


    http://www.bbc.com/news/world-europe-39907965
     
    Last edited: May 13, 2017
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    As far as defense that's a good question and looking forward to some articles of the ones affected.

    https://phys.org/news/2017-05-huge-cyberattack-microsoft-free-tech.html

    This time around some help of free fix for those old systems but it only covers this particular strain.
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Bank of China ATMs Go Dark As Ransomware Attack Cripples China...

    WCry 2.0 functions PERFECTLY under Wine, you can infect your Linux desktops too if you are so inclined!.."

    https://twitter.com/95cnsec
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Last edited: May 13, 2017
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I don't think that fix will cover only this specific strain. As I understand update will close this vulnerability so it can't be used by other malware also.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I was looking at that live map monitoring about this virus on that earlier. It kept showing up new dots. I haven't checked last hour. Wow
     
  19. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,491
    Location:
    UK
    Last edited: May 15, 2017
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    BREAKING NEWS o_O:

    "Ransomware attack reveals breakdown in US intelligence protocols, expert says

    Attack renews debate over agencies such as the NSA leaving vulnerabilities in place for strategic purposes rather than alerting companies immediately...

    'The NSA is supposed to lead the vulnerability equities process with all the other government agencies gathered round to discuss their interests in the vulnerability, and to weigh the offensive capabilities against defensive concerns for the private sector and US interests,' said Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations. The EternalBlue-WanaCrypt0r attack showed that the NSA did not reveal the vulnerability it had discovered before it was stolen and apparently auctioned off, Segal said..."

    https://www.theguardian.com/technology/2017/may/13/ransomware-cyber-attack-us-intelligence
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Last edited: May 13, 2017
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  23. plat1098

    plat1098 Guest

    Nothing I know of compares to the news sources about this disaster right here. I just finished watching the NYC CBS news, the attention-grabbing "Another cyber-attack is imminent" turned into 30 seconds' worth of rehash of this one. I know things need to be brief while on the air but for events like these, I'll rely on the written word.
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "...Friday's cyber-attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says...

    Mr Wainwright said he was concerned that the numbers of those affected would continue to rise when people returned to work on Monday morning...

    However, Mr Wainwright said that so far 'remarkably few' payments had been made by victims of the attack.

    BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080..."

    http://www.bbc.com/news/technology-39913630
     
    Last edited: May 14, 2017
  25. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,544
    Location:
    Triassic
    It would be easier for these cretins to collect from private businesses and individuals than from government agencies. I bet they got nothing from the Russian Internal Ministry as collecting their extortion demand from them would be fraught with peril.
     