Vendredi, 30 Octobre 2020
Dernières nouvelles
Principale » Dozens of countries hit by huge cyberextortion attack, including US

Dozens of countries hit by huge cyberextortion attack, including US

13 Mai 2017

Several individual British health service trusts, each responsible for several hospitals, reported problems with their computer systems.

The problem appeared to begin Friday morning when hospitals in the United Kingdom were crippled by a large-scale cyberattack, which forced operations to be canceled and ambulances to be diverted.

"This is not targeted at the NHS, it's an worldwide attack and a number of countries and organizations have been affected", British Prime Minister Theresa May said.

Around 1,000 computers at the Russian Interior Ministry were affected by the cyber attack, a spokeswoman for the ministry told Interfax.

In an statement released around 11:30 a.m. ET, the system's digital office said, "This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors".

Jakub Kroustek of Avast said on Twitter the security firm had detected "36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far".

According to a Microsoft spokesperson, the software company issued a security update to guard against the potential for an attack by the new malicious software, known as "Ransom:Win32.WannaCrypt".

"Effected machines have six hours to pay up and every few hours the ransom goes up", said Kurt Baumgartner, the principal security researcher at Kaspersky Lab.

"It's unequivocally scary", said John Dickson of the Denim Group, a USA security consultancy.

Man injured when tornado touches down in Louisiana
A survey team in the capital city was notified of tornado reports and video of a tornado in the Coursey and Sherwood Forest areas. Officials said damage from the Baton Rouge tornado was found on Old Hammond Highway and Sherwood Forest.

The malware was circulated by e-mail; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets. FedEx said it was "experiencing interference", according to an Associated Press report.

WannaCry also reportedly uses DOUBLEPULSAR, present in the same ShadowBrockers release, to inject into running processes as part of this infection process.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Bart's Health, which runs several London hospitals, said it had activated its major incident plan, cancelling routine appointments and diverting ambulances to neighboring hospitals.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the USA spy agency.

The impact on services is not a result of the ransomware itself, but due to NHS Trusts shutting down systems to prevent it from spreading, said Brian Lord, a former deputy director of Government Communications Headquarters (GCHQ), the U.K.'s signals intelligence agency, who is now managing director of cybersecurity firm PGI Cyber.

The attack, boiling down to a computer virus that makes users' computers useless unless a payment is made to those who hacked their system, has prompt wide alarm around the globe. It's important to avoid clicking on links or opening attachments in those messages, since they could unleash malware, Villasenor said. In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger", said Kroustek, the Avast analyst. They asked patients not to come to the hospitals unless it was an emergency.

Reuters reported that British hospitals and clinics were forced to turn away patients because their computers were infected by Wanna Cry. We are dealing with urgent problems only. However, it is possible that several computers around the world, most likely including the ones targeted in yesterday's cyberattack, had failed to update their systems with the Microsoft patch. Shadow Brokers said that they obtained it from a secret NSA server.

Dozens of countries hit by huge cyberextortion attack, including US