Shadow Brokers threaten to release even more NSA-sourced malware

[Karlston]

The hacking group claims it will launch in June a subscription-based monthly dump of compromised data

Credit: Thinkstock

Late last night, someone claiming to represent Shadow Brokers—the people responsible for releasing stolen NSA hacking tools—posted a new message on the Steemit website. In a hard-to-fathom rant, the group makes several claims and also threatens to release even more damaging material.

 

I've loosely quoted Shadow Brokers' post below, editing their statement heavily for clarity. Any translation errors are mine. Note that The Equation Group is a well-established “persistent threat” organization, widely thought to be tied to the NSA. 

Shadow Brokers feels that it was “being very responsible” about April’s dump—the one that resulted in WannaCrypt/WannaCry, and the potential for many more exploits. Last August, Shadow Brokers warned that The Equation Group had been hacked, and they had the goods. Shadow Brokers offered some of their wares at auction. To prove they had sufficiently interesting goods, they released The Equation Group’s 2013 firewall tools and an old Cisco zero-day exploit. Nobody believed Shadow Brokers.

Why an auction? Shadow Brokers is not interested in bug bounties, selling to “cyber thugs,” or “giving to greedy corporate empires.” They want to pick a worthy opponent. It’s always been about Shadow Brokers vs The Equation Group. But The Equation Group didn’t bid to buy back its wares; nor did any governments, tech companies, or security companies.

In December, Shadow Brokers cancelled the auction, and offered to sell pieces of the trove one at a time. Even then, there were no takers. So Shadow Brokers asked themselves why there were no bids. Perhaps nobody was interested because they didn’t believe Shadow Brokers had the good stuff.

In January, Shadow Brokers posted screenshots taken from programs on The Equation Group’s 2013 Windows Ops disk. When they posted the shots, they knew that The Equation Group would recognize them, and warn Microsoft.

(Shadow Brokers wrangler Matt Suiche acknowledges that “Shadow Brokers seems very well informed that *only* The Equation Group would have identified the vulnerabilities from those screenshots.”)

In February, Microsoft missed Patch Tuesday. Shadow Brokers said that it knows that Microsoft skipped Patch Tuesday to fix the exploits in the 2013 Windows Ops Disk. In March, Microsoft issued the patch for the SMB vulnerabilities. Oracle patched “huge number of vulnerabilities.” Shadow Brokers waited and didn’t release the exploits.

(That matches up precisely with the MS17-010 release, which tackled the SMB security holes, and conjectures many of us have had about the skipped February patches.)

 

In April, 90 days after the screenshots were posted, and 30 days after the Microsoft patch, Shadow Brokers released the contents of the 2013 Windows Ops Disk. “Because why not? The Shadow Brokers is having many more… This is The Shadow Brokers way of telling The Equation Group, ‘all your base are belong to us.’ Shadow Brokers isn’t interested in stealing grandmothers’ retirement money. This has always been about The Shadow Brokers vs The Equation Group.”

Shadow Brokers waited 30 days after the Windows patch was available before dumping the exploits. Microsoft has a huge contract worth “millions or billions of USD each year” with The Equation Group. The Equation Group has spies inside Microsoft and other tech companies, as do Russia, China, Iran and Israeli intelligence. Even Google Project Zero has a former The Equation Group member. Remember the “Wormable Zero Day” that Project Zero uncovered? Microsoft took two days to fix it. Was that a coincidence?

Is it fake news if we say that The Equation Group is paying US tech companies to NOT PATCH vulnerabilities until they’re revealed publicly? Why was Microsoft patching the SMB vulnerabilities in secret? Is Microsoft embarrassed because The Equation Group is lying to Microsoft, not telling them about the SMB vulnerabilities? Microsoft thinks it knows all the vulnerabilities that The Equation Group has, and it’s being paid to hold off patches.

At this point the post trails off into a diatribe about Brad Smith, Microsoft’s head lawyer, before picking up again.

In May, we didn’t release any new vulnerabilities, but WannaCry appeared. WannaCry is very strange for crimeware. A killswitch? It cares about the target country? “The oracle” told us that North Korea is responsible for WannaCry.

To which Matt Suiche tweets, “Shadow Brokers thinks it’s strange too that there are killswitches in the ransomeware WannaCry.” He has written an extensive side-by-side comparison of code from WannaCry and known code from the Lazarus Group—the shadowy group behind the 2014 attack on Sony Pictures and the $81 million heist at Bangladesh Bank—and concludes that there’s a strong, if coincidental, link between WannaCry and North Korea.

 

The Shadow Brokers post continues:

In June, Shadow Brokers will announce “The Shadow Brokers Data Dump of the Month” service. We are launching a new monthly subscription model, like the wine of the month club. Each month you pay a membership fee, then members only get a data dump. What members do with it after the dump is up to them.

The Shadow Brokers Monthly Data Dump could include:

• web browser, router, handset exploits and tools
• select items from newer Ops Disks, including newer exploits for Windows 10
• compromised network data from more SWIFT providers and Central banks
• compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

More details in June.

If a responsible party buys all lost data before it is sold, then Shadow Brokers will have no more financial incentives to be taking continued risks of operation and will go dark permanently. You have our Bitcoin address.

Remarkably, that last part, including the bullet items, reverts to standard English. 

 

Matt Suiche tweets, “Shadow Brokers’ claim on Windows 10 implies they have files later than 2013. Did the NSA have a disagreement with a contractor?”

 

The Shadow Brokers rant lines up with what we’ve seen from the outside. You have to wonder if they’ve been privy to what’s been happening inside.

 

Discussion—and speculation—continues on the AskWoody Lounge.

 

Source: Shadow Brokers threaten to release even more NSA-sourced malware (InfoWorld - Woody Leonhard)

[PrEzi]

When I read things like this ---

• compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

it makes me kinda nervous... 

I mean... Shadow Broker or not --- they should also have some kind of self-preservation, right?

[steven36]

 

 

 

Quote

Group linked to NSA spy leaks threatens sale of new tech secrets

A group that took credit for leaking NSA cyber spying tools - including ones used in the WannaCry global ransomware attack - has said it plans to sell code that can be used to hack into the world's most used computers, software and phones.

 

 

Using trademark garbled English, the Shadow Brokers group said in an online statement that, from June, it will begin releasing software to anyone willing to pay for access to some of the tech world's biggest commercial secrets.

 

 

In the blog post, the group said it was setting up a "monthly data dump" and that it could offer tools to break into web browsers, network routers, phone handsets, plus newer exploits for Windows 10 and data stolen from central banks.

 

 

It said it was set to sell access to previously undisclosed vulnerabilities, known as zero-days, that could be used to attack Microsoft Corp's (MSFT.O) latest software system, Windows 10. The post did not identify other products by name.

 

 

It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs, without providing further details.

 

"More details in June," it promised.

 

Shadow Brokers came to public attention last August when it mounted an unsuccessful attempt to auction off a set of older cyber-spying tools it said were stolen from the U.S. National Security Agency.

 

The leaks, and the global WannaCry virus attack, have renewed debate over how and when intelligence agencies should disclose vulnerabilities used in cyber spying programs to so that businesses and consumers can better defend themselves against attacks.

 

"ShadowBrokers are back" tweeted Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cyber security firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

 

Hacking tools believed to belong to the NSA that were leaked online last month were built into WannaCry ransomware -- also known as WannaCrypt -- that swept the globe on Friday

 

 

The attack stoked fears that the spy agency's powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a whole new level.

 

The NSA has not commented on Shadow Brokers since the group emerged last year, or the contents of past leaks. It has not responded to repeated requests for comment about the ransomware attack.

 

A spokeswoman for Microsoft said it was preparing a response. Microsoft has connected previous exploits of its products released by the mysterious Shadow Brokers group to tools which were stolen from NSA cyber warfare operations.

 

(Reporting By Eric Auchard in Frankfurt, Dustin Volz in Washington D.C. and Jim Finkle in Toronto; Editing by Hugh Lawson and Richard Lough)

 

 

http://www.reuters.com/article/us-cyber-attacks-shadowbrokers-idUSKCN18C1N2

 

[Sylence]

their origin still unknown

 

https://en.wikipedia.org/wiki/The_Shadow_Brokers

[steven36]

 

Quote

 

Cyber attack could spark lawsuits but not against Microsoft

 

 

Businesses that failed to update Microsoft Windows-based computer systems that were hit by a massive cyber attack over the weekend could be sued over their lax cyber security, but Microsoft Corp itself enjoys strong protection from lawsuits, legal experts said.

 

The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday, disrupting car factories, global shipper FedEx Corp and Britain's National Health Service, among others. The hacking tool spreads silently between computers, shutting them down by encrypting data and then demanding a ransom of $300 to unlock them.

According to Microsoft (MSFT.O), computers affected by the so-called "ransomware" did not have security patches for various Windows versions installed or were running Windows XP, which the company no longer supports.

 

"Using outdated versions of Windows that are no longer supported raises a lot of questions," said Christopher Dore, a lawyer specializing in digital privacy law at Edelson PC. "It would arguably be knowingly negligent to let those systems stay in place.”

 

Businesses could face legal claims if they failed to deliver services because of the attack, said Edward McAndrew, a data privacy lawyer at Ballard Spahr. "There is this stream of liability that flows from the ransomware attack," he said. "That's liability to individuals, consumers and patients."

 

WannaCry exploits a vulnerability in older versions of Windows, including Windows 7 and Windows XP. Microsoft issued a security update in March that stops WannaCry and other malware in Windows 7. Over the weekend the company took the unusual step of releasing a similar patch for Windows XP, which the company announced in 2014 it would no longer support.

 

Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security. His law firm sued LinkedIn after a 2012 data breach, alleging individuals paid for premium accounts because the company falsely stated it had top-quality cyber security measures. LinkedIn settled for $1.25 million in 2014.

 

But Scott Vernick, a data security lawyer at Fox Rothschild that represents companies, said he was skeptical that WannaCry would produce a flood of consumer lawsuits. He noted there was no indication the cyber attack had resulted in widespread disclosure of personal data.

 

"It isn’t clear that there has been a harm to consumers," he said.

 

Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures.

 

LICENSING AGREEMENTS LIMIT LIABILITY

Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited by WannaCry, according to legal experts.

When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School. Courts have consistently upheld those agreements, he said.

 

Alex Abdo, a staff attorney at the Knight First Amendment Institute at Columbia University, said Microsoft and other software companies have strategically settled lawsuits that could lead to court rulings weakening their licensing agreements.

 

"This area of law has been stunted in its growth," he said. "It is very difficult to hold software manufacturers accountable for flaws in their products."

Also enjoying strong protection from liability over the cyber attack is the U.S. National Security Agency, whose stolen hacking tool is believed to be the basis for WannaCry. The NSA did not immediately return a request for comment.

 

Jonathan Zittrain, a professor specializing in internet law at Harvard Law School, said courts have frequently dismissed lawsuits against the agency on the grounds they might result in the disclosure of top secret information.

 

On top of that, the NSA would likely be able to claim that it is shielded from liability under the doctrine of sovereign immunity, which says that the government cannot be sued over carrying out its official duties.

 

"I doubt there can be any liability that stems back to the NSA," Dore said.

 

(Reporting by Jan Wolfe; Editing by Anthony Lin and Mary Milliken)

 

 

http://www.reuters.com/article/us-cyber-attack-liability-idUSKCN18B2SE

 

[steven36]

 

Quote

 

Cyber attack eases, hacking group threatens to sell code

 

Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked U.S. hacking tools used to launch the global WannaCry "ransomware" attack warned it would release more malicious code.

 

The fast-spreading cyber extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased for second day on Tuesday, but the identity and motive of its creators remain unknown.

 

The attack includes elements that belong to the U.S. National Security Agency and were leaked online last month.

 

Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world's most widely used computers, software and phones.

 

A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world's biggest commercial secrets.

It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June," it promised.

 

The spread of the WannaCry attack - which encrypts a user's data and demands a "ransom" be paid electronically to free it up again - slowed to a trickle on Tuesday, with few, isolated examples being reported.

 

In Canada, the Universite de Montreal was hit, with 120 of the French-language university’s 8,300 computers affected, according to a university spokeswoman.

There were no new, major incidents in the United States. Fewer than 10 U.S. organizations have reported attacks to the Department of Homeland Security since Friday, a U.S. official told reporters on Tuesday.

 

The attack has caused most damage in Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

 

The United States likely avoided greater harm as the attack targeted older versions of Microsoft Corp's (MSFT.O) Windows operating system, and more U.S. users have licensed, up-to-date, patched versions of the software, compared to other regions of the world.

 

 

The Department of Homeland Security began an "aggressive awareness campaign" to alert the tech industry to the importance of installing the patch that Microsoft issued in March that protected users from the vulnerability exploited by the attack, a U.S. official working on the attack told Reuters.

 

Microsoft said on Tuesday it was aware of Shadow Brokers' most recent claim and that its security teams monitor potential threats in order to "help us prioritize and take appropriate action."

Microsoft President and Chief Legal Officer Brad Smith said earlier this week the WannaCry attack used elements stolen from the NSA. The U.S. government has not commented directly on the matter.

NORTH KOREA LINK PROBED

Cyber security researchers around the world have said they have found evidence that could link North Korea with the WannaCry cyber attack.

 

 

A researcher from South Korea's Hauri Labs said on Tuesday their own findings matched those of Symantec (SYMC.O) and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

 

"It is similar to North Korea's backdoor malicious codes," said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea's hacking capabilities and advises South Korean police and National Intelligence Service.

 

Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.

 

FireEye Inc , another large cyber security firm, said it was also investigating, but it was cautious about drawing a link to North Korea.

"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," FireEye researcher John Miller said.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

 

 

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

 

North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.

NO INFORMATION TO SHARE

 

In China, foreign ministry spokeswoman Hua Chunying said she had no information to share, when asked about the origin of the attack and whether North Korea might be connected.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared.

 

In Malaysia, cyber security firm LE Global Services said it identified 12 cases so far, including a large government-linked corporation, a government-linked investment firm and an insurance company. It did not name any of the entities.

 

"We may not see the real picture yet, as companies are not mandated to disclose security breaches to authorities in Malaysia," said LE Global CEO Fong Choong Fook.

"The real situation may be serious. In one of the cases, the attack was traced back to early April."

 

Vietnam's state media said on Tuesday more than 200 computers had been affected, but one of the country's leading anti virus companies, Bkav, later put the figure at 1,900.

 

Taiwan Power Co. TAIWP.UL said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

 

 

(Additional reporting by Eric Auchard in Frankfurt, Julia Edwards Ainsley in Washington, Jim Finkle in Toronto, Allison Lampert in Montreal, Jess Macy Yu in Taipei, My Pham and Mai Nguyen in Hanoi, Ju-min Park in Seoul, Michael Martina in Beijing and Liz Lee in Kuala Lumpur,; Writing by Jeremy Wagstaff in Singapore and Bill Rigby in New York; Editing by Sam Holmes)

 

 

 

 

 

 

 

 

 

http://www.reuters.com/article/us-cyber-attack-idUSKCN18B0AC

 

[Sylence]

Quote

government cannot be sued over carrying out its official duties.

 

so the U.S government's official duties is to disrupt and infect computers in 150 countries and steal people's data and get ransom? hmm Interesting 

[steven36]

Yes just like every other country have spies too

 

United States government security breaches

https://en.wikipedia.org/wiki/United_States_government_security_breaches

If they want the CIA or the NSA they must be charged with war crimes and since no one died fat chance of that  and in the USA there Immune so unless you can catch them in a country were there laws are were  they could be prosecuted  there is  no chance  of anything being done to anyone  unless they are found out too be a spy.

 

Really in Recent days the CIA  or the NSA  want  even acknowledge that any of these exploits really  belongs too them if you look at that list no one acknowledge the fact  since 2007 , So it's you're word against there's because they want say nothing too incriminate themselves  in the media  .

 

Quote

That’s a good question. But the ransomware racing around the globe is based on a cache of apparent NSA hacking software and documents that a group calling itself “the Shadow Brokers” posted online on April 14. (Shadow Brokers first began making these kinds of dumps last year.) The Trump and former Obama administrations have refused to confirm that the NSA had lost control of its tools, but former intelligence officials say the leaked material is genuine.

http://www.politico.com/story/2017/05/15/global-cyberattack-nsa-238412

 

[steven36]

 

Quote

 

The Real Roots of the Worldwide Ransomware Outbreak: Militarism and Greed

 

A runaway strain of malware hit Windows computers Friday and spread through the weekend, rendering hundreds of thousands of computers around the world more or less useless. The big twist: The virus was made possible by U.S. government hackers at the National Security Agency. But the finger-pointing won’t stop there, and it probably shouldn’t.

As the worm, known as WannaCry, has been contained, more free time has opened up in which to argue and assign blame beyond the anonymous hackers who used leaked NSA code to assemble the virus, and whatever party decided to turn it into ransomware. Microsoft isn’t holding back.

 

In an unusually bold and forthright post by president Brad Smith, the company called out the NSA by name for not just creating, but “stockpiling” — and then, like Cyber Frankenstein, losing all control over — the attacks that made WannaCry possible:

This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

Every software weakness the NSA (or CIA, or FBI) decides to use for itself in total secrecy is necessarily one it won’t share with a company like Microsoft so that it can write and release a software update to keep its customers safe. (Whether or not you see this as a good and necessary thing likely has a lot to do with your opinion of whether the NSA too often prioritizes its ability to hurt adversaries over the privacy and safety of U.S. citizens or over the privacy and safety of people in general).

 

The government’s official decision to withhold or disclose is driven by something called the Vulnerabilities Equity Process (or VEP), and its exact mechanism is not entirely known. The VEP is meant to balance the advantages gained by keeping a given software vulnerability secret versus the potential risks to the world at large.

 

When the NSA adds to its arsenal an undisclosed software vulnerability, known as a “zero day,” rather than reporting it to the maker of the software, any common cybercriminal who happens to independently discover it will be free to exploit the security hole for their own ends, sometimes for years and years. Even if everything goes according to plan for the NSA, this sort of stockpiling values the military and intelligence community’s offensive capabilities over the digital safety of, well, literally everyone else, and is rightfully controversial.

 

But per Microsoft’s point, things aren’t going according to plan recently, and our nation’s secret keepers have been having a lot of trouble keeping their computer weapons away from the likes of the Shadow Brokers and Wikileaks. It’s a true and damning argument on Smith’s part: Whether due to internal leakers or  external attackers, two of the most advanced and secretive spy agencies in the world have seen some of their most prized offensive tools snatched out of the shadows and not only made public, but weaponized against British hospitals, Chinese universities, and FedEx. Congressman Ted Lieu, a rare legislator with any background in computer science, sees WannaCry as an opportunity to overhaul the VEP in favor of more disclosure: “Currently the Vulnerabilities Equities Process is not transparent and few people understand how the government makes these critical decisions,” the California Democrat wrote in a statement as WannaCry raged around the world. “Today’s worldwide ransomware attack shows what can happen when the NSA or CIA write malware instead of disclosing the vulnerability to the software manufacturer.”

 

The NSA did not create WannaCry. Rather, it discovered weaknesses in various versions of Windows and wrote programs that would allow American spies to penetrate computers running Microsoft’s operating system, and it was one of these programs, codenamed ETERNALBLUE and repurposed by still-unidentified hackers, that allowed WannaCry to spread as quickly and uncontrollably as it did last week. Whether or not you think the causal chain is such that the NSA is in some sense morally responsible, it’s undeniable that without the agency’s work, there is no ETERNALBLUE, and without ETERNALBLUE, there is no May 2017 WannaCry Crisis. In this sense, Microsoft is right–but the blame shouldn’t end there.

Microsoft also did not create WannaCry. But it did create something something nearly as bad: Windows Vista, an operating system so horrendously bloated, broken, and altogether unpleasant to use that many PC users back in 2007 skipped upgrading altogether, opting instead to stick with the outdated Windows XP, a decision that has left many people on that decade-and-a-half-old operating system even today, years after Microsoft stopped updating it.

 

When Microsoft responded to the startling initial reports of ETERNALBLUE’s public release by noting it had already inoculated Windows against the threat via software patch, it did not mention that XP users were not included. Using an operating system after its expiration date is unwise, but in fairness to the millions of people around the world still using old versions of Windows, expecting consumers to regularly buy expensive software of uncertain quality is unwise too. It’s only relatively recently that Microsoft has started to shake off the stink from Vista (and the confusing Windows 8).

 

Some of the NSA’s defenders are quick to blame computer owners and IT administrators for not keeping their software current, but less likely to blame Microsoft for writing insecure code, alienating customers with shoddy operating systems and planned obsolescence, or dropping support for older OSes still in wide use. (The fact that Microsoft did actually release a WannaCry security patch for Windows XP over the weekend shows that it’s entirely possible to make old software safer). It can’t be overstated that the choice to let older versions of Windows lapse into a condition of permanent insecurity is as much a business strategy as an engineering decision, and one that leaves Microsoft customers in the lurch when something like WannaCry breaks loose. In the case of a large, high-stakes organization like a hospital or manufacturing plant, upgrading to the next version of Windows isn’t just a matter of waiting for the progress bar to fill, but a nightmarish web of compatibility issues with specialized hardware and niche, 3rd party software. If letting a computer network in you administer run Windows XP is negligent, it’s surely a negligence that pales compared to losing a military cyberweapon, or leaving vulnerable customers whose computers work fine.

 

The NSA surely wants to do its work in full secrecy, undisturbed as much as possible by obligations to anyone or anything else–it’s the business they’re in. Microsoft surely wants to continue to sell successive versions of Windows every several years and gradually forget about its earlier attempts–it’s the business they’re in. But these two agendas, of militarism, absolute secrecy, and software profit maximization create an environment that allows something like WannaCry to stomp all over the globe, hobbling hospitals and train stations in its wake.

 

https://theintercept.com/2017/05/16/the-real-roots-of-the-worldwide-ransomware-outbreak-militarism-and-greed/