TechViews News …..
Tens of thousands of ransomware attacks are targeting organizations around the world on Friday. The Cyber-attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours, with many of the attacks targeting Russia.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
The ransomware, called “WannaCry,” locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. Researchers say it is spreading through a Microsoft (MSFT, Tech30) Windows exploit called “EternalBlue,” which Microsoft released a patch for in March.
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and “is affecting organizations from across a range of sectors.” In total, 16 NHS organizations said they were affected.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still “ongoing” and that that the organization was “made aware of it this afternoon.”
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” UK-based security architect Kevin Beaumont said.
He said it’s likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.
“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.