
NEW YORK (AP) — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.
It was believed to be the biggest attack of its kind ever recorded.
The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.
Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.
All told, several cybersecurity firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries. That includes the United States, although its effects there didn’t appear to be widespread, at least initially.
The attack infected computers with what is known as “ransomware” — software that locks up the user’s data and flashes a message demanding payment to release it. In the U.S., FedEx reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.”
Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.
Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab. Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.
Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.
“For so many organizations in the same day to be hit, this is unprecedented,” he said.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.
Cyber attacks linked to North Korea, security experts claim
Computer security experts have linked code in the WannaCry ransomware software to North Korea
Cyber security researchers have found technical clues they said could link North Korea with the global WannaCry "ransomware" cyber attack that has infected more than 300,000 machines in 150 countries since Friday.
Symantec and Kaspersky Lab said on Monday some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.
"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters.
“At this time, all we have is a temporal link,” Eric Chien, an investigator at Symantec, told the New York Times. “We want to see more coding similarities to give us more confidence.”
American officials said Monday that they had also seen the same similarities, the newspaper reported.
Both firms said it was too early to tell whether North Korea was involved in the attacks, which crippled the NHS on Friday and became one of the fastest-spreading extortion campaigns on record.
The cyber companies' research will be closely followed by law enforcement agencies around the world, including Washington, where US President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits.
Read more at http://www.telegraph.co.uk/technology/2017/05/15/north-korea-linked-global-cyber-attack-experts-examine-ransomware/