tao Posted May 12, 2017

The NHS has been hit by a major cyber attack, with hackers demanding a ransom. Hospitals are understood to have lost the use of phonelines and computers, with some diverting all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled. Several hospital trusts and GP surgeries are reporting problems, but the full scale of the problems is not yet known.

NHS hospitals across the North, East and West Midlands, and London are reporting IT failures, in some cases meaning there is no way of operating phones or computers.

At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack. Patients have been told not to come to A&E and all non-urgent appointments and operations have been cancelled.

East and North Hertfordshire NHS trust said in a statement: “Today the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E - please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

Health officials are understood to have declared a major incident and ordered a meeting of national resilience teams.

NHS Digital said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.”

There are reports that trusts affected include East and North Hertfordshire, North Cumbria, Morecambe Bay hospitals, Blackpool, and Barts Health in London. A number of GP surgeries also say they are also unable to use their systems.
One source told Health Service Journal that multiple trusts had been affected by a suspected malware attack around 1.30pm. They said trusts had their computer systems almost entirely shut down.

Services affected are thought to include picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems.

The source added: “This will mean delays and a focus on the sickest patients. I’ve seen it once before and we relied on local trusts supporting each other. If truly widespread then that’ll not be an option.”
tao Posted May 12, 2017

Ransomware infections reported worldwide

A massive ransomware campaign appears to have infected a number of organisations around the world. Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin.

There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan. Many security researchers are linking the incidents together.

One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware, known as WannaCry and variants of that name. "This is huge," said Jakub Kroustek at Avast.

Another, at cyber-security firm Kaspersky, said that the ransomware had been spotted cropping up in 74 countries and that the number was still growing.

The UK's National Health Service (NHS) was also hit by a ransomware outbreak on the same day and screenshots of the WannaCry program were shared by NHS staff.

A number of Spanish firms were among the apparent victims elsewhere in Europe. Telecoms giant Telefonica said in a statement that it was aware of a "cybersecurity incident" but that clients and services had not been affected. Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak. There were reports that staff at the firms were told to turn off their computers.

Screenshots of WannaCry with text in Spanish were also shared online. In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

Bitcoin wallets seemingly associated with the ransomware were reported to have already started filling up with cash.

Another firm that confirmed it had been caught out was delivery company FedEx. "Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware," it said in a statement.
"We are implementing remediation steps as quickly as possible."

'Spreading fast'

"This is a major cyber attack, impacting organisations across Europe at a scale I've never seen before," said security architect Kevin Beaumont.

According to security firm Check Point, the version of the ransomware that appeared today is a new variant. "Even so, it's spreading fast," said Aatish Pattni, head of threat prevention for northern Europe.

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

Some security researchers have pointed out that the infections seem to be deployed via a worm - a program that spreads by itself between computers.
Petrovic Posted May 12, 2017
https://intel.malwaretech.com/botnet/wcrypt
https://intel.malwaretech.com/WannaCrypt.html
clubhouse Posted May 12, 2017
http://www.bbc.co.uk/news/live/39901370
mclaren85 Posted May 12, 2017
The situation is not looking good..
http://www.bbc.com/news/technology-39901382
nezzi Posted May 12, 2017
this is bad.
https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/?comments=1
clubhouse Posted May 12, 2017
WCcrypt tracker map...
https://intel.malwaretech.com/botnet/wcrypt
CrAKeN Posted May 12, 2017

Updated systems have the patches to block the ransomware, Microsoft says

WannaCry is becoming the largest ransomware infection in history with attacks now expanding from Europe to the United States, but Microsoft says that users who are running a fully up-to-date Windows 10 system with Windows Defender running the latest virus definitions are completely secure.

The infection has already made lots of high-profile victims in Europe, including the British National Health System (NHS) and other organizations in Spain, and exploits seem to be based on a leaked NSA vulnerability that reached the web last month.

At that point, security experts warned of imminent attacks on Windows systems due to what it seemed to be unpatched zero days in the operating system, but Microsoft played down all these claims saying that users running the latest patches were fully secure.

The same is happening this time as well, as Microsoft says that Windows users (regardless of their Windows version as long as they’re still supported – so Windows 7, 8.1, or 10) with the most recent updates installed (May 2017) and with the latest Windows Defender virus definitions are not vulnerable to attacks launched with this new form of ransomware.

Windows XP users completely vulnerable

On the other hand, WannaCry can still make millions of victims due to the fact that Windows XP and Windows Vista are still running on a hefty share of desktops out there, with both operating systems no longer receiving updates and security patches from the company.

Third-party market share data puts Windows XP at nearly 7 percent market share, and the NHS itself has previously been criticized for still running this unsupported Windows version on its systems. Updates for Windows XP are no longer released since April 2014.

The WannaCry ransomware locks down computers and requires a ransom of $300 in Bitcoin.
The attacks are believed to be based on a vulnerability discovered by the NSA and which was leaked to the web by Shadow Brokers last month.

Once again, it’s critical for both home users and organizations to bring their systems fully up-to-date as soon as possible, especially because the number of attacks is growing with every minute and is now expanding to new regions.
humble3d Posted May 12, 2017
https://media.scmagazine.com/images/2017/05/12/avast_wanacryptor_1222381.jpg
https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?_r=0
https://www.buzzfeed.com/sheerafrenkel/the-biggest-ransomeware-attack-in-history-is-hitting?utm_term=.vvQD97ZRz#.mvoQz7JnK
https://www.scmagazine.com/nsa-tools-behind-worldwide-wanacryptor-ransomware-attack/article/661380/
Karlston Posted May 12, 2017
Let's give WikiLeaks a big thanks for releasing the code so these ransomware bastards can abuse organisations who care for the sick and vulnerable. Hope the ransomware and WikiLeaks arseholes get their hides nailed to the wall.
Cuteboy Posted May 13, 2017
From today, they used RSA 4096 bit. aware this file @[email protected] 240kb Many webs infected like this...
Mandy Posted May 13, 2017
46 minutes ago, Karlston said:
Let's give WikiLeaks a big thanks for releasing the code so these ransomware bastards can abuse organisations who care for the sick and vulnerable. Hope the ransomware and WikiLeaks arseholes get their hides nailed to the wall.

Well said but I honestly cannot believe paid IT Pros for such delicate organization fail to run simple patches deployed way back in March
nezzi Posted May 13, 2017
not WikiLeaks, Shadow Brokers
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
Batu69 Posted May 13, 2017
Topic by @CrAKeN & @Cuteboy has been merged.
pc71520 Posted May 13, 2017
10 hours ago, nezzi said:
not Wiki-leaks, Shadow Brokers
Administrator DKT27 Posted May 13, 2017
Just as everyone knows, this page contains all the information of the updates one needs or requires to prevent this depending on their OS version they use. Surprising that the above update did not disable SMBv1 on my PC, had to do it manually. However I'm kind of worried that people think only fixing or disabling SMBv1 will stop this.
tao Posted May 13, 2017
Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware
dufus Posted May 14, 2017

Leaked NSA exploit blamed for global ransomware cyberattack

Published time: 12 May, 2017 23:27. Edited time: 13 May, 2017 11:28

A zero-day vulnerability tool, covertly exploited by US intelligence agencies and exposed by the Shadow Brokers hacking group has been blamed for the massive spread of malware that infected tens of thousands of computer systems globally.

The ransomware virus which extorts Windows users by blocking their personal files and demanding payment to restore access, allegedly exploits a vulnerability that was discovered and concealed for future use by the National Security Agency (NSA), according to a range of security experts.

“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017,” Russian cybersecurity firm, Kaspersky Lab, wrote in a blog post about the attack.

Although Microsoft had already patched the backdoor roughly a month before it became public, many users who did not install the latest security updates seem to have become the primary victims of the attack.

NOTE: WikiLeaks has not released exploit code to the CIA's "zero day" hacking software. See https://t.co/h5wzfrReyy for details — WikiLeaks (@wikileaks) May 12, 2017

Meanwhile, NSA whistleblower Edward Snowden has led the discussion on NSA’s role and responsibility in Friday’s extensive cyberattacks, noting that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”

If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patches—and it falls into enemy hands, should NSA write a patch?
https://t.co/TUTtmc2aU9 — Edward Snowden (@Snowden) May 12, 2017

This is true. Patching lags releases because IT needs to be conservative and slow. This is the danger of leaving 0-days in the wild. https://t.co/TaEz1fxuTJ — David Auerbach (@AuerbachKeller) May 12, 2017

Lots to digest on latest hack, but 1 critical point for encryption debate: The "we can keep centralized secrets safe" arg has taken a hit. — Alex Abdo (@AlexanderAbdo) May 12, 2017

Curious... does it matter that this was NSA malware? Or is the bigger issue the missing patches, open ports, and legacy systems? — Steve Ragan (@SteveD3) May 12, 2017

Snowden noted that the NSA developed these “dangerous attack tools that could target Western software” despite warnings, and that it’s now up to congress to question the agency on its knowledge of any other software vulnerabilities.

Wikileaks also referred to its dealings with the whistleblower behind its Vault 7 CIA releases who warned of the extreme proliferation risk in the creation of cyber weapons.

If you can't secure it--don't build it: #Vault7 whistleblower warned US cyber weapons are extreme proliferation risk https://t.co/K7wFTdlC82 pic.twitter.com/SP1x7AfDF6 — WikiLeaks (@wikileaks) May 12, 2017

The impact the cyberattack has had on hospitals has raised the greatest concerns. Some 39 hospital trusts as well as GP practices and dental services in the NHS system were targeted across England and Scotland.

British journalists should be asking if GCHQ knew of the vulnerability being used to attack NHS but kept it secret so they could use it. — WikiLeaks (@wikileaks) May 12, 2017

The worm has also reportedly hit universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry.

Bruno Kramm, the chairman of the Berlin branch of the Pirate Party told RT that a lot of vulnerabilities lie in the backdoors built into operating systems.
“But the sad thing is the more we find out [about] the NSA having this software, the more we also know that this software is also of course traded. There is no software which you can keep inside of the system. From the moment the NSA works with the software, you can also get the software, and once you get the software you can use it in your own way. So basically, it’s really a problem they have started.”

The American Civil Liberties Union reiterated Snowden’s calls for congress to intervene. It also expressed concerns that the NSA could have been aware that Microsoft was vulnerable but failed to disclose this until after the tools were stolen.

It would be deeply troubling if the NSA knew Microsoft was vulnerable in this way but waited to disclose. Congress can and should fix this. https://t.co/jdAr6kkB6N — ACLU National (@ACLU) May 12, 2017

“It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner. Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer,” Patrick Toomey, a staff attorney with the American Civil Liberties Union’s National Security Project.

https://www.rt.com/usa/388187-leaked-nsa-exploit-ransomware/

asking bitcoin ransom make it illegal keep money in government private bank paper that get rid of competition
Batu69 Posted May 14, 2017
Topic by @dufus has been moved from general news forum & merged.
Karlston Posted May 15, 2017
Here we go again...

WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives (The Hacker News)
Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two (Heimdal Security)
Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry (Heimdal Security)

Our friend Woody Leonhard has a guide on what's needed to make all Windows flavours immune...

How to make sure you won’t get hit by WannaCry/WannaCrypt (AskWoody)

My understanding is that these Microsoft patches patch the vulnerability, not just the WannaCry version.
humble3d Posted May 15, 2017
PANIC IS NEVER AN OPTION...
steven36 Posted May 15, 2017
At 7:34 PM, Karlston said:
Let's give WikiLeaks a big thanks for releasing the code so these ransomware bastards can abuse organisations who care for the sick and vulnerable. Hope the ransomware and WikiLeaks arseholes get their hides nailed to the wall.

Really it's the Government's fault. This was an old exploit they used in the wild long before the blackhats got a hold of it. This is what happens when our governments use malware and the code gets stolen. The Shadow Brokers had this for sale on the darknet for a long time before they leaked it for free.

Quote

Microsoft on WannaCry Ransomware: Government Secrecy Led to This

"With the right approach, it won't be something that people will have to worry about," Microsoft's founder Bill Gates said of cyber attacks back in October on the BBC. "You won't have to spend like you spend on an army, it's just a group of experts spreading best practices."

But the recent global cyber attack has shown that governments are taking a completely wrongheaded approach to the issue at the moment, wrote Microsoft's Chief Legal Officer Brad Smith in a Sunday blog post.

Smith was responding to reports that the "ransomware" virus dubbed WannaCry had locked up over 200,000 computers across the world. The tools behind the attacks reportedly belonged to the U.S. National Security Agency, according to security experts.

In the blog post, Smith argues that governments have stockpiled software vulnerabilities for offensive purposes, but have failed to inform tech companies of the vulnerabilities. So when the vulnerabilities fall into the wrong hands, it's akin to the "U.S. military having some of its Tomahawk missiles stolen," without offering the proper defense to protect consumers against the government's own weapons.
"Governments of the world should treat this attack as a wake-up call," Smith wrote. "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world... We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

Smith also pointed to Wikileaks revealing what it said were the CIA's hacking tools.

Tech companies such as Microsoft also have a responsibility to be constantly on guard with cyber security—which also means constant updates on its software systems. Microsoft released patches over the weekend to protect Windows versions against the attacks.

But consumers also cannot be complacent, Smith warned. Please, he urged, don't ignore security updates.

"Otherwise they’re literally fighting the problems of the present with tools from the past," Smith wrote.

http://fortune.com/2017/05/15/ransomware-attack-microsoft-wannacry-patch-nsa/

People have let their guard down because things don't happen very often because of years and years of patching, but I remember back in the early 2000s, before Windows had good firewalls and things, the internet being full of viruses and worms, and back then about all that could be done was reformat if you were infected. Even ransomware is not a new type of malware.

Quote

The first known malware extortion attack, the "AIDS Trojan" written by Joseph Popp in 1989, The notion of using public key cryptography for ransom attacks was introduced in 1996 by Adam L. Young and Moti Yung. Young and Yung critiqued the failed AIDS Information Trojan that relied on symmetric cryptography alone, the fatal flaw being that the decryption key could be extracted from the Trojan, and implemented an experimental proof-of-concept cryptovirus on a Macintosh SE/30 that used RSA and the Tiny Encryption Algorithm (TEA) to hybrid encrypt the victim's data. Since public key crypto is used, the cryptovirus only contains the encryption key.
The attacker keeps the corresponding private decryption key private. Young and Yung's original experimental cryptovirus had the victim send the asymmetric ciphertext to the attacker who deciphers it and returns the symmetric decryption key it contains to the victim for a fee. Long before electronic money existed Young and Yung proposed that electronic money could be extorted through encryption as well, stating that "the virus writer can effectively hold all of the money ransom until half of it is given to him. Even if the e-money was previously encrypted by the user, it is of no use to the user if it gets encrypted by a cryptovirus". They referred to these attacks as being "cryptoviral extortion", an overt attack that is part of a larger class of attacks in a field called cryptovirology, which encompasses both overt and covert attacks

Examples of extortionate ransomware became prominent in May 2005. By mid-2006, Trojans such as Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes. Gpcode.AG, which was detected in June 2006, was encrypted with a 660-bit RSA public key. In June 2008, a variant known as Gpcode.AK was detected. Using a 1024-bit RSA key, it was believed large enough to be computationally infeasible to break without a concerted distributed effort.

Encrypting ransomware returned to prominence in late 2013 with the propagation of CryptoLocker

https://en.wikipedia.org/wiki/Ransomware#History

People just forgot what it was because it went dormant for 6 years and returned. We used to have to deal with it all the time before. Don't ever let your guard down.
Karlston Posted May 15, 2017
58 minutes ago, steven36 said:
Really it's the Governments

Nope. It's the bastards that released and used the exploit. WikiLeaks and the ransomware authors respectively. You should know to take anything that Microsoft says with an enormous grain of salt. What's that saying the US Gun Lobby uses? "it's not guns that kill people, it's people"

---

Woody's posted a couple of InfoWorld articles...

How to make sure your Windows PC won't get hit by ransomware like WannaCry
FAQ: Are you in danger from the WannaCry ransomware?
steven36 Posted May 15, 2017
42 minutes ago, Karlston said:
Nope. It's the bastards that released and used the exploit. WikiLeaks and the ransomware authors respectively. You should know to take anything that Microsoft says with an enormous grain of salt. What's that saying the US Gun Lobby uses? "it's not guns that kill people, it's people"

That's nothing new; if it was not the Shadow Brokers it would be someone else. Ransomware, worms, and viruses have existed since the 80s. People used to give you a virus for shits and giggles just to see if they could pull it off, and they would lock up your PC and never give you the key lol. You had to reformat. If the Government don't warn vendors when their malware gets stolen it will keep happening, and if you don't do updates you stay vulnerable. It's not rocket science to do your updates, you know?

I don't want to hear any more about what Woody has to say; for a few years he's been promoting not doing updates till they've been tested in the wild a good while. You could have been infected by then. He just changed his tune here in the last few months after he saw how bad things are again. People listen to that crap and procrastinate; don't come crying when something like this happens. They issued a patch for this ransomware in March for supported OS, and now, because people are so stubborn or just don't have the money or don't have the brains to update their OS, Microsoft issued a patch for them too, which really, there is no good excuse to still be on XP online. If you don't have the money, Linux is free and was never vulnerable to this strain!
steven36 Posted May 15, 2017
3 minutes ago, 0bin said:
Who are the Shadow Brokers?

The hacking group who stole the NSA hacking tools.
https://en.wikipedia.org/wiki/The_Shadow_Brokers