Massive Ransomware Attack "WannaCry" Goes Global - Huge

Started by rmstock, May 12, 2017, 09:35:26 PM


rmstock


The ransomware has been identified as WannaCry
"Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools
by Tyler Durden May 12, 2017 1:52 PM
http://www.zerohedge.com/news/2017-05-12/massive-ransomware-attack-goes-global-huge
  " * * *
   
   Update 4: According to experts tracking and analyzing the worm and its
   spread, this could be one of the worst-ever recorded attacks of its
   kind. The security researcher who tweets and blogs as MalwareTech told
   The Intercept "I've never seen anything like this with ransomware," and
   "the last worm of this degree I can remember is Conficker." Conficker
   was a notorious Windows worm first spotted in 2008; it went on to
   infect over nine million computers in nearly 200 countries. As The
   Intercept details,

   
      Today's WannaCry attack appears to use an NSA exploit codenamed
      ETERNALBLUE, a software weapon that would have allowed the spy agency's
      hackers to break into any of millions of Windows computers by
      exploiting a flaw in how certain versions of Windows implemented a
      network protocol commonly used to share files and to print. Even though
      Microsoft fixed the ETERNALBLUE vulnerability in a March software
      update, the safety provided there relied on computer users keeping
      their systems current with the most recent updates. Clearly, as has
      always been the case, many people (including in governments) are not
      installing updates. Before, there would have been some solace in
      knowing that only enemies of the NSA would have to fear having
      ETERNALBLUE used against them–but from the moment the agency lost
      control of its own exploit last summer, there's been no such assurance.
   
      Today shows exactly what's at stake when government hackers can't keep
      their virtual weapons locked up.

   
      As security researcher Matthew Hickey, who tracked the leaked NSA tools
      last month, put it, "I am actually surprised that a weaponized malware
      of this nature didn't spread sooner."

   
   Update 3: Microsoft has issued a statement, confirming the status of the
   vulnerability:
   
      Today our engineers added detection and protection against new
      malicious software known as Ransom:Win32.WannaCrypt.

   
      In March, we provided a security update which provides additional
      protections against this potential attack.
   
      Those who are running our free antivirus software and have Windows
      updates enabled, are protected. We are working with customers to
      provide additional assistance.
   
   Update 2: Security firm Kaspersky Lab has recorded more than 45,000
   attacks in 74 countries in the past 10 hours. Seventy-four countries
   around the globe have been affected, with the number of victims still
   growing, according to Kaspersky Lab. According to Avast, over 57,000
   attacks have been detected worldwide, the company said, adding that it
   "quickly escalated into a massive spreading."
   
   https://twitter.com/JakubKroustek/status/863079654290313217
   
   According to Avast, the ransomware has also targeted Russia, Ukraine
   and Taiwan. The virus is apparently the upgraded version of the
   ransomware that first appeared in February. Believed to be affecting
   only Windows operated computers, it changes the affected file extension
   names to ".WNCRY." It then drops ransom notes to a user in a text file,
   demanding $300 worth of bitcoins to be paid to unlock the infected
   files within a certain period of time.
   
   While the victim's wallpaper is being changed, affected users also see
   a countdown timer to remind them of the limited time they have to pay
   the ransom. If they fail to pay, their data will be deleted,
   cybercriminals warn. According to the New York Times, citing security
   experts, the ransomware exploits a "vulnerability that was discovered
   and developed by the National Security Agency (NSA)." The hacking tool
   was leaked by a group calling itself the Shadow Brokers, the report
   said, adding, that it has been distributing the stolen NSA hacking
   tools online since last year.
   
   Predictably, Edward Snowden - who has been warning about just such an
   eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to
   build attack tools targeting US software now threatens the lives of
   hospital patients."

   https://twitter.com/Snowden/status/863099254822371328?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.rt.com%2Fnews%2F388153-thousands-ransomeware-attacks-worldwide%2F

   
   *  *  *
   
   Update 1: In a shocking revelation, The FT reports that hackers
   responsible for the wave of cyber attacks that struck organisations
   across the globe used tools stolen from the US National Security Agency.
   
   A hacking tool known as "eternal blue", developed by US spies has been
   weaponised by the hackers to super-charge an existing form of
   ransomware known as WannaCry, three senior cyber security analysts
   said. Their reading of events was confirmed by western security
   officials who are still scrambling to contain the spread of the attack.
   The NSA's eternal blue exploit allows the malware to spread through
   file-sharing protocols set up across organisations, many of which span
   the globe.
   
   As Sam Coates summed up...
   
   https://twitter.com/SamCoatesTimes/status/863092883104124928
   
   *  *  *
   
   We earlier reported on the disturbing fact that hospitals across the
   United Kingdom had gone dark due to a massive cyber-attack...
   
      Hospitals across the UK have been hit by what appears to be a major,
      nationwide cyber-attack, resulting in the loss of phonelines and
      computers, with many hospitals going "dark" and some diverting all but
      emergency patients elsewhere. At some hospitals patients are being told
      not to come to A&E with all non-urgent operations cancelled, the BBC
      reports.

   
      The UK National Health Service said: "We're aware that a number of
      trusts that have reported potential issues to the CareCERT team. We
      believe it to be ransomware." It added that trusts and hospitals in
      London, Blackburn, Nottingham, Cumbria and Hertfordshire have been
      affected and are reporting IT failures, in some cases meaning there is
      no way of operating phones or computers.
       
      At Lister Hospital in Stevenage, the telephone and computer system has
      been fully disabled in an attempt to fend off the attack.

       
      NHS England says it is aware of the issue and is looking into it.
   
   UK Prime Minister Theresa May confirms today's massive cyber hit on NHS
   is part of wider international attack and there is no evidence patient
   data has been compromised.
   
   https://twitter.com/SkyNewsTonight/status/863093694571790337
   
   The situation has got significantly worse as The BBC reports the
   ransomware attack has gone global.

   
   Screenshots of a well known program that locks computers and demands a
   payment in Bitcoin have been shared online by parties claiming to be
   affected.

   
   
   
   It is not yet clear whether the attacks are all connected. One
   cyber-security researcher tweeted that he had detected 36,000 instances
   of the ransomware, called WannaCry and variants of that name.
   
      "This is huge," he said.
   
   There have been reports of infections in the UK, US, China, Russia,
   Spain, Italy, Vietnam, Taiwan and others.

   
   The BBC details a number of Spanish firms were among the apparent
   victims elsewhere in Europe.
   
      Telecoms giant Telefonica said in a statement that it was aware of a
      "cybersecurity incident" but that clients and services had not been
      affected.
   
      Power firm Iberdrola and utility provider Gas Natural were also
      reported to have suffered from the outbreak.

   
      There were reports that staff at the firms were told to turn off their
      computers.
   
   In Italy, one user shared images appearing to show a university
   computer lab with machines locked by the same program.

   Bitcoin wallets seemingly associated with the ransomware were reported
   to have already started filling up with cash.
   
      "This is a major cyber attack, impacting organisations across Europe at
       a scale I've never seen before," said security architect Kevin Beaumont.
   
   According to security firm Check Point, the version of the ransomware
   that appeared today is a new variant.
   
      "Even so, it's spreading fast," said Aatish Pattni, head of threat
       prevention for northern Europe.
   
   Several experts monitoring the situation have linked the attacks to
   vulnerabilities released by a group known as The Shadow Brokers, which
   recently claimed to have dumped hacking tools stolen from the NSA.
   
   "
   



https://twitter.com/SkyNews/status/863127421670830080
https://twitter.com/SkyNews/status/863098690860326912
https://twitter.com/SkyNewsTonight/status/863095181184192512
https://twitter.com/BreakingNLive/status/863148883454676993

https://twitter.com/zerohedge/status/863136447024566272

https://twitter.com/UID_/status/863133867640844291

``I hope that the fair, and, I may say certain prospects of success will not induce us to relax.''
-- Lieutenant General George Washington, commander-in-chief to
   Major General Israel Putnam,
   Head-Quarters, Valley Forge, 5 May, 1778

rmstock

All these attacks are based on a Windows vulnerability which was never fixed
and was kept a state secret for NSA and CIA. Watch the documentary Zerodays.

https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

"[ ... ]
To recap, WannaCrypt is installed on Windows computers by a worm that
spreads across networks by exploiting a vulnerability in Microsoft's
SMB file-sharing services. It specifically abuses a bug designated 
MS17-010 that Redmond patched [1] in March for modern versions of Windows –
unpatched systems, or ones running legacy versions such as Windows XP,
are therefore vulnerable and can be attacked
[ ... ]
[1] https://www.theregister.co.uk/2017/03/15/microsoft_massive_patch_tuesday_bundle/
[ ... ]"

Bill Gates -- AGAIN -- cannot be held accountable for WannaCry, because
his newest Windows 10 was patched for this a couple of weeks ago.
Does this ring a bell?


ZERO DAYS: Obama Order Sped Up Wave of Cyberattacks Against Iran
rmstock « on: September 20, 2016, 04:29:13 AM »


yankeedoodle

Very interesting and informative discussion of this problem on Radio New Zealand. Very concise, also: 10 minutes.

Global cyberattack
Juha Saarinen is a technology journalist and writer living in Auckland. He contributes to the New Zealand Herald. Over the years, he has written for the Guardian, Wired, PC World, Computerworld and ITnews Australia, covering networking, hardware, software, enterprise IT as well as the business and social aspects of computing.
http://www.radionz.co.nz/national/programmes/saturday/audio/201843725/global-cyberattack

rmstock

The #NHScyberattack has made Microsoft do the right thing at this time:

https://twitter.com/microsoft/status/863286567137402880


yankeedoodle

Here's a curious little video - about the length of a TV advert - that is telling people to go out and get Windows 10. Hmm...wonder if...hmm....
https://www.youtube.com/watch?v=mbnrpWscZ6c

rmstock

Why would Deutsche Bahn (German Railroads) want to upgrade its Windows XP screens
to Windows 10 when everything works perfectly? This would mean an IT investment,
including a new time period to iron out Windows 10 quirks, which could make DB
go belly up.
In the case of NHS in the UK, the ICT department has special contracts with
Microsoft Certified ICT companies, to deliver adjusted versions of Windows XP enabling
interfacing with older and existing hospital equipment, like X-ray or CT-scan, guaranteeing
working results. Insert Windows 10 and the Microsoft HEAT is on for NHS.

Here's a Microsoft document (this must be a sick joke) of over 5679 pages
on how to migrate your application and to validate your Windows app using the
Windows App Certification Kit to Windows 10:

Porting apps to Windows 10
2017-2-8 2 min to read
https://docs.microsoft.com/en-us/windows/uwp/porting/
https://opbuildstorageprod.blob.core.windows.net/output-pdf-files/en-us/Win.windows-apps/live.pdf

This is the simple guide for your Android and/or iOS iPhone app.
But what happens when you have your own piece of hardware,
e.g. some hospital equipment, and are required to get it Windows Certified,
including the legal stuff should software errors occur?
