
Researcher finds 'kill switch' for cyberattack ransomware

14 May 2017

In the United Kingdom, the bug locked up IT systems and phone lines at National Health Service (NHS) hospitals, causing officials to discourage people from visiting unless they need emergency treatment. The U.S. was not immune: FedEx was among the targets.

Britain's National Health Service is a source of pride for many Britons but faces substantial budget issues and has had previous problems with its huge IT system. If you have been following Microsoft's Patch Tuesday schedule, then your machines should already be protected.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March, but Microsoft did not make the patch freely available for Windows XP and other older systems.

But this was not clear when MalwareTech, who was supposed to be on holiday, began to investigate the program, as he described in the blog post entitled "How to Accidentally Stop a Global Cyber Attack".

Politico cybersecurity reporter Eric Geller told CBSN that this is one of the first times cybercriminals have used the flaw in the code of Windows to spread this "ransomware" since it was exposed.

While hospitals were not the target of the WannaCry ransomware strain Friday, they were among the most infected as they often lack budgets to defend their online systems, and once their networks are down, thousands of patients' lives may be put at risk.

Experts are continuing to fix computer systems after a global cyberattack using software stolen from the U.S. National Security Agency crippled thousands of computers in 99 countries across Europe and Asia. When hospital employees signed in, their files were turned into gibberish and encrypted to be unreadable. The ransom message warns that the demand will double after three days and that after seven days, "you won't be able to recover your files forever". In a statement, May said that no patient data had been compromised.

Patrick Ward, 47, a sales director at Purbeck Ice Cream, from Dorset in England, poses for photographs after giving media interviews after his heart operation scheduled today was cancelled because of a cyberattack, outside St Bartholomew's Hospital in London, Friday, May 12, 2017.

Teams of technicians have been working "around the clock" since Friday to restore hospital computer systems in Britain and check transport services in other nations. Some chemotherapy patients were even sent home because their records could not be accessed.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched. A Microsoft spokeswoman said that the company was aware of the reports and was looking into the situation.

"Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a health care organization", he said. "It's stressful enough for someone going through recovery or treatment for cancer". In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.

But he also said he's concerned the authors of the malware could re-release it - perhaps in the next few days or weeks - without a kill switch or with a better one, or that copycats could mimic the attack.

Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Mikko Hypponen, its chief research officer, calls it "the biggest ransomware outbreak in history".

Europol said Saturday that the attack was of an "unprecedented level and requires worldwide investigation".

In addition to the Russian Federation, the biggest targets appeared to be Ukraine and India, nations where it is common to find older versions of the Windows operating system in use.

Spain, meanwhile, activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers in ransomware attacks.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email", said Lance Cottrell, chief scientist at the U.S. technology group Ntrepid.

Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica, the U.S. delivery firm FedEx and many other organizations. The WannaCry ransomware may be exploiting a vulnerability in Server Message Block 1.0 (SMBv1). In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

The cyberattack that spread malicious software around the world, shutting down networks at hospitals, banks and government agencies, was stemmed by a young British researcher and a low-cost domain registration, with help from another 20-something security engineer in the U.S. That number is likely to go up, Gazeley said. "I did not expect an attack on this scale".
