Global hacking attack infects 57,000 computers
Hackers exploit stolen US spy agency tools to launch massive cyber-attack on nearly 100 countries with Russia hit hard.
A global cyber-attack using hacking tools believed to have been created by the US National Security Agency (NSA) has infected tens of thousands of computers in nearly 100 countries.
Cyber-extortionists on Friday tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings, and other legitimate files.
The ransomware then encrypted data on the computers, demanding payments of $300-$600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the digital extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine, and Taiwan the top targets.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.
"We are experiencing a major IT disruption and there are delays at all of our hospitals," said the Barts Health group, which manages major London hospitals. Routine appointments had been cancelled and ambulances were being diverted to neighbouring hospitals.
International shipper FedEx Corp said some of its Windows computers were also infected.
The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a "worm", or self-spreading malware, by exploiting a piece of NSA code known as "Eternal Blue", which was released last month by a group known as the Shadow Brokers, researchers with several private cyber-security firms said.
"This is one of the largest global ransomware attacks the cyber-community has ever seen," said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.
The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
On Friday, Russia's interior and emergencies ministries, as well as the country's biggest bank, Sberbank, said they were targeted. The interior ministry said on its website about 1,000 computers had been infected but it had localised the virus.
Although cyber-extortion cases have been rising for several years, they have to date affected small-to-mid-sized organisations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.
The news is also likely to embolden cyber-extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.
"Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks," Camacho said.
No comments:
Post a Comment