The Latest: Researcher who helped halt cyberattack applauded
LONDON (AP) — The Latest on the global cyberattack (all times local):
Cybersecurity officials in Britain have applauded a young researcher for helping halt the global ransomware cyberattack.
In a post on its website, Britain’s National Cyber Security Center said that by registering a domain name that unexpectedly stopped the spread of the malware, the anonymous Britain-based cyber specialist, known as Malware Tech, had prevented further infections, and that the action had “already resulted in preventing over 100,000 potential infections.”
The researcher tweeted Saturday that he initially didn’t know that his actions would stop the malware.
A U.S. cybersecurity researcher who helped halt a global cyberattack says he’s pleased that the outbreak was stopped fairly quickly but he worried about the possibility of another attack in the next few days.
Darien Huss is a 28-year-old research engineer for the cybersecurity firm Proofpoint. The western Michigan resident and Purdue University graduate on Friday discovered a “kill switch” in the malware used in a cyberextortion scheme that was quickly spreading around the world.
Huss shared the information with a British researcher, known as Malware Tech, who had unexpectedly stopped the malware’s spread by registering a domain name.
Huss says he’s thankful it wasn’t someone “with malicious intent” who discovered how to stop the attack. But he says it wouldn’t be difficult for those responsible to re-release it or for others to mimic it.
The cyber-extortion attack known as WannaCry spread quickly around the world due to some unusual factors coming together.
First, there was a highly dangerous security hole in Microsoft Windows, which became known after hackers leaked tools that were apparently created by the U.S. National Security Agency to exploit the hole. WannaCry’s creators were able to borrow these weaponized tools to launch the attack.
Then, there were users who failed to quickly update their software after Microsoft released a fix in March. Meanwhile, the malware was able to spread widely through university, business and government networks.
Other criminals may be tempted to mimic WannaCry, which locks up computers and holds people’s files for ransom.
These conditions will be difficult to replicate. But experts say we’ll be living with less virulent strains as long as people keep failing to keep up with computer security updates.
The global cyberattack has hit Brazil’s social security system, forcing it to disconnect computers and cancel public access to the agency.
Brazil’s state-owned oil company Petrobras and Brazil’s Foreign Ministry also are affected, and both have disconnected computers as a precautionary measure.
Computers in a dozen Brazilian court systems are affected as well, along with the prosecutors in Sao Paulo. The office that oversees Brazil’s National Intelligence Agency put out a statement saying there’s no indication that government archives have been affected.
An expert on malware says the world’s worst ransomware outbreak shows that hospitals are particularly vulnerable to this kind of cyberattack.
This cyberextortion scheme exploits known problems in older versions of Windows software, and hospitals depend on many devices and machines that run on these outdated operating systems.
Lawrence Abrams of BleepingComputer.com in New York says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime.
But he says that risk can mean life or death in a hospital, where without the latest Windows security updates, a worm “is just going to sweep through the network like wildfire.” And because lives are at stake, he thinks hospitals may be more likely to pay up.
Britain’s home secretary says about one in five National Health Service trusts have been hit by the international ransomware cyberattack, and that all but six are now back to normal.
Speaking Saturday after an emergency government meeting in London, Home Secretary Amber Rudd said 48 out of 248 NHS organizations were affected by the largest-ever cyber-extortion attack, though “most of them are back to the normal course of business.”
She did not elaborate on how the six remaining health groups were affected or where they were located.
Many British hospitals were hit by the malicious software on Friday, with some forced to cancel or delay treatment for patients, even those with serious ailments like cancer.
A cybersecurity expert says the biggest cyberextortion attack in history is going to be dwarfed by the next big ransomware attack.
Ori Eisen, an expert in Arizona, says the attack Friday that held hospitals, factories and government agencies hostage around the world appears to be “low-level” stuff, given the ransom demands.
But he says the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
Eisen says “this is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?”
Eisen says the internet itself is diseased and these attacks will continue until some serious restructuring is done.
He says “today, it happened to 10,000 computers ... there’s no barrier to do it tomorrow to 100 million computers.”
A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware cyberattack by accidentally activating a so-called “kill switch” in the malicious software.
The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software’s spread could be stopped by registering a garbled domain name.
The paper quoted the researcher as saying: “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again.”
He urged Windows users to update their systems and reboot.
The worldwide cyberextortion attack has been called “unprecedented” by Europol, which is investigating who is behind it.
The worldwide cyberextortion attack has prompted Microsoft to take the unusual step of making security fixes available for older Windows systems.
Before this, Microsoft had made fixes for older systems, such as 2001’s Windows XP, available only to mostly larger organizations that pay extra for extended support. But millions of individuals and smaller businesses still had such systems.
Microsoft says now it will make the fixes free for everyone.
Friday’s attack was based on a Windows vulnerability that was purportedly identified by the U.S. National Security Agency and was later leaked to the internet.
Microsoft released fixes for the vulnerability in March, but computers that didn’t run the update were subject to the ransom attack. Once inside an organization’s network, the malware behind the attack spread rapidly using this vulnerability.
Radio Slovenia says French carmaker Renault’s assembly plant in Slovenia has halted production after it was targeted in the global cyberattack.
The radio report says the Revoz factory in the southeastern town of Novo Mesto stopped working on Friday evening to stop the malware from spreading.
Renault representative Nevenka Basek Zildzovic confirmed that “some troubles occurred with some parts of IT system at Revoz.”
She says production was suspended during the night, and added that “production remains halted today too.”
The head of Slovenia’s cyber emergency team, Gorazd Bozic, says seven individuals have also been targeted but no state institutions.
Union members at French carmaker Renault say the global cyberattack has forced it to halt production at sites in France in an effort to stop the malware from spreading.
The two unionists spoke on condition of anonymity because of the sensitiveness of the issue.
They say the Renault factory at Sandouville, in northwestern France, was one of the sites affected.
The consequences for the company remained unclear. Renault officials were not immediately available for comment.
— By Sylvie Corbet
The European Union’s police agency, Europol, says it is working with countries hit by the global ransomware cyberattack to rein in the threat and help victims.
In a statement Saturday, Europol’s European Cybercrime Centre, known as EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”
EC3 says its Joint Cybercrime Action Taskforce, made up of experts in high-tech crime, “is specially designed to assist in such investigations and will play an important role in supporting the investigation.”
The attack, which locked up computers and held users’ files for ransom, was believed the biggest of its kind ever recorded.
Germany’s national railway says that it was among the organizations affected by the global cyberattack but there was no impact on train services.
Deutsche Bahn says that departure and arrival display screens at its stations were hit Friday night by the attack. The company said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.
The railway said that there was no impact on actual train services.
The head of Turkey’s Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country’s cyber security center is continuing operations against the malicious software.
The Computer Emergency Response Team of Turkey tweeted that the “wannacry ransomware” is spread over Server Message Block flaws. The team asked users to update antivirus applications and not open suspicious phishing emails.
The effects of the attack on Turkey are unclear.
Citing a written statement by BTK, Turkey’s official Anadolu news agency said the cyberattack affected 74 countries, “including Turkey in a small way.”
Britain’s National Cyber Security Center says teams are working “round the clock” to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients.
The attack, which locked up computers and held users’ files for ransom, was believed the biggest of its kind ever recorded. Several cybersecurity firms said they had identified the malicious software behind the attack, which has apparently hit Russia the hardest.
British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen.
Germany’s national railway says departure and arrival display screens at its stations were affected Friday night, but there was no impact on train services.