
Serious It can be Kim Jong Nuke: Massive Cyber War on going now! Ang Moh shit bricks!

war is best form of peace

Alfrescian
Loyal


http://www.news.com.au/technology/o...d/news-story/b248da44b753489a3f207dfee2ce78a9


Massive cyber attack creates chaos around the world

A WAVE of cyber attacks has swept across the globe, apparently exploiting a flaw exposed in documents leaked from the US National Security Agency.
Julia Corderoy and wires
news.com.au
May 13, 2017 2:37pm


THE group behind the cyber attacks wreaking havoc worldwide could have links to the Russian government.

On Friday, a massive wave of cyber attacks swept across 99 countries, possibly including Australia, with cyber security experts claiming it could be the biggest attack of its kind ever recorded.

The attack, believed to be part of an extortion plot, has so far created chaos in hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.

Cyber extortionists have tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $US300 ($AU406) to $US600 ($AU812) to restore access.

The hackers have not come forward to claim responsibility but a mysterious hacking organisation, called Shadow Brokers, is being blamed for the attack — possibly in retaliation for US air strikes on Syria.

In April, Shadow Brokers released a piece of National Security Agency (NSA) code known as “Eternal Blue”, as part of a trove of hacking tools they said belonged to the US spy agency.

The Eternal Blue code gives access to all computers using Microsoft Windows, the world’s most popular computer operating system. The NSA had developed it to gain access to computers used by terrorists and enemy states.

It is believed that Eternal Blue, having been dumped by Shadow Brokers, was then picked up by a separate crime gang which used it to launch the extraordinary worldwide cyber security breach.

According to The Telegraph, some experts believe the timing of this cyber dump is significant and indicates that Shadow Brokers has links to the Russian government.

In an internet posting, six days before it hacked the NSA and released the Eternal Blue code on April 14 — and a day after the first air strikes — Shadow Brokers appeared to issue a warning to US President Donald Trump.

“Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected,” the group said in broken English in a statement, according to The Telegraph.

UPDATE YOUR SOFTWARE

Experts are now urging Microsoft users to update their software.

Microsoft has released software patches for the security holes, although not everyone has installed those updates.

“If your software is not patched, you can exploit that user. Anyone who applied the patch that Microsoft released likely wasn’t affected by this,” John Villasenor, a professor at the University of California, Los Angeles said.

Mr Villasenor also said users should regularly back up their data and ensure that security updates are installed on their computer as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom.
People are being urged to update their Microsoft software following the massive cyber attack. Picture: Drew Angerer/Getty Images/AFP


BIGGEST IN HISTORY

Cyber security experts are calling the hack the biggest attack of its kind ever recorded.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, has called it “the biggest ransomware outbreak in history”.

Another expert, Chris Wysopal of the software security firm Veracode, said he believes criminal organisations are behind the attack, given how quickly the malware spread.

“For so many organisations in the same day to be hit, this is unprecedented,” Mr Wysopal said.

There are currently no confirmed reports Australian organisations have been hit by the cyber breach but the federal government said it will remain vigilant.

“We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia’s critical infrastructure,” Prime Minister Malcolm Turnbull said through a spokesman on Saturday.

The prime minister’s right-hand man on cyber security, Alastair MacGibbon, is working with officials and health agencies to determine any impact on Australia.

But the US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”

“We are now seeing more than 75,000 detections ... in 99 countries,” Jakub Kroustek of the security firm Avast said in a blog post around 2000 GMT.

Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.

MALICIOUS EMAIL ATTACK

Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware.

The malware’s name is WCry, but analysts were also using variants such as WannaCry.

Forcepoint said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.

In the United States, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible.”

The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.
The NHS: East and North Hertfordshire notifying users of a problem in its network on May 12. Picture: Daniel Leal-Olivas/AFP


In Spain, major firms including Telefonica were hit, with employees told to shut down workstations immediately through megaphone announcements.

Russia’s interior ministry also confirmed Friday some of its computers had been hit by a “virus attack”.

Ministry spokeswoman Irina Volk told Russian news agencies it had “recorded a virus attack on the ministry’s personal computers controlled by a Windows operating system”.

“The virus has been localised. Technical work is under way to destroy it and renew the means of virus protection,” she said.

Volk added that some 1,000 computers — less than one per cent of their total number — had been affected, Interfax reported.

An unnamed source told Interfax that the attack had not led to any information leaks.

The ministry’s statement comes as an increasing number of cyber strikes are reported around the world, including against dozens of British hospitals.

Russian telecom operator MegaFon said it had also been victim of a cyber attack on Friday that interrupted the work of its call centres.

“We needed to partly turn off whole networks internally so the virus didn’t spread,” RIA Novosti news agency quoted MegaFon public relations director Pyotr Lidov as saying.

‘DIRECT INFECTION’

At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.

“We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” Prime Minister Theresa May said.

Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 ($AU406) in Bitcoin, saying: “Oops, your files have been encrypted!”.

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” said Lance Cottrell, chief scientist at the US technology group Ntrepid.

“The ransomware can spread without anyone opening an email or clicking on a link.”
The malware has crippled organisations around the world.


AMBULANCES DIVERTED

NHS Incident Director Anne Rainsberry urged the British public to “use the NHS wisely while we deal with this major incident which is still ongoing”.

The sort of ransom demands seen on the NHS screens are not without precedent at medical facilities. In February 2016, a Los Angeles hospital, the Hollywood Presbyterian Medical Center, paid $17,000 ($AU23,000) in Bitcoin to hackers who took control of its computers for more than a week.

“Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” Avast analyst Kroustek said.

A spokesman for Barts Health NHS Trust in London said it was experiencing “major IT disruption” and delays at all four of its hospitals.

“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients,” the spokesman said. “Ambulances are being diverted to neighbouring hospitals.” Two employees at St Bartholomew’s Hospital, which is part of Barts Health, told AFP that all the computers in the hospital had been turned off.

Caroline Brennan, 41, went to the hospital to see her brother, who had open heart surgery.

“They told us there was a problem. They said the system was down and that they cannot transfer anyone till the computer system was back up so he is still in the theatre.”

— With AFP, AP and AAP
 

war is best form of peace

Alfrescian
Loyal
http://news.xinhuanet.com/world/2017-05/13/c_1120966771.htm



Global cyber attack reaches China, caused by leak from US cyber-weapons arsenal
2017-05-13 13:12:28 Source: Xinhua News Agency

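Xinhua News Agency, Beijing, May 13 (compiled from reports by Xinhua correspondents abroad): Multiple countries around the world were hit on the 12th by a ransomware attack; the victims include some Chinese universities and several British hospitals. It is understood that the ransomware was built by criminals using a hacking tool leaked from the US National Security Agency's cyber-weapons arsenal.

Zheng Wenbin, chief security engineer at the Chinese cybersecurity company 360, told Xinhua that once a computer is infected by this ransomware, its files are encrypted and locked, and can only be decrypted and recovered after the ransom demanded by the hackers is paid. Reportedly, the ransom reaches as much as 5 bitcoins, currently worth more than 50,000 yuan.

According to Zheng Wenbin, those attacked in China this time are mainly users of the education network. The ransomware exploits a vulnerability on port 445 of Microsoft's Windows operating system; some domestic network operators had previously blocked that port, but the education network had placed no restriction on it. Microsoft had previously released a patch for the vulnerability, but computers that had not been updated in time are attacked. Zheng said the viruses spreading this time belong mainly to two families code-named ONION and WINCRY; monitoring shows the former appeared first in China, while the latter appeared on the afternoon of the 12th and spread rapidly across campus networks.

The networks of several British hospitals were also attacked that day; some hospitals cancelled operations as a result and used ambulances to urgently transfer patients elsewhere. British authorities said the culprit was the malware "Wanna Decryptor" (also known as "WannaCry"). British Prime Minister Theresa May said that this attack was not specifically aimed at Britain, but was part of a cyber attack affecting the whole world.

Spain's National Intelligence Centre confirmed on the 12th that several Spanish companies had suffered a "large-scale" cyber attack by hackers. Multiple computers at the headquarters of Telefonica, the country's telecom giant, were paralysed.

Russian cybersecurity firm Kaspersky Lab said in a report released on the 12th that attacks had by then been detected in 74 countries and regions worldwide, and that the actual extent may be wider. It said that among the 20 most-attacked countries and regions, Russia suffered far more attacks than any other victim, with mainland China ranking fifth.

Kaspersky stressed that the hacking tool used in this cyber attack, "EternalBlue", originates from the US National Security Agency's cyber-weapons arsenal. In April this year, the hacker group "Shadow Brokers" disclosed online a batch of NSA hacking tools, which included this exploit tool.

The US Department of Homeland Security said in a statement on the 12th that it was aware of the ransomware affecting multiple entities worldwide. However, apart from explaining the definition of ransomware, noting that Microsoft had released a patch for this vulnerability, and reminding users that they should install the patch, the statement gave no further details.

In March this year, the WikiLeaks website disclosed a batch of hacking tools said to come from the US CIA, criticising the CIA for having lost control of its hacking arsenal, most of whose tools "appear to be circulating among former US government hackers and contractors in an unauthorised manner", posing an "extreme proliferation risk". (Compiled from reports by Xinhua reporters Huang Kun, Ma Dan, Lin Xiaochun, Liang Xizhi and Xie Yuzhi)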
 

war is best form of peace

Alfrescian
Loyal
https://www.rt.com/news/388153-thousands-ransomeware-attacks-worldwide/


Ransomware virus plagues 100k computers across 99 countries

Published time: 12 May, 2017 17:46
Edited time: 13 May, 2017 04:22
A ransomware virus is spreading aggressively around the globe, with over 100,000 computers in 99 countries having been targeted, according to the latest data. The virus infects computer files and then demands bitcoins to unblock them.


An increase in activity of the malware was noticed starting from 8am CET (07:00 GMT) Friday, security software company Avast reported, adding that it "quickly escalated into a massive spreading."

In a matter of hours, over 75,000 attacks have been detected worldwide, the company said. Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours.

#wcry #WannaCry #WannaCrypt0r #ransomware hitting 100k Avast detections in less than 24 hours. 57% in Russia. Patch your systems!
— Jakub Kroustek (@JakubKroustek) May 13, 2017

Dozens of countries around the globe have been affected, with the number of victims still growing, according to the Russian multinational cybersecurity and anti-virus provider, the Kaspersky Lab.

So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.
— Costin Raiu (@craiu) May 12, 2017

The ransomware, known as WanaCrypt0r 2.0, or WannaCry, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain's biggest national telecommunications firm, Telefonica.


Britain and Spain are among the first nations who have officially recognized the attack. In Spain, apart from the telecommunications giant, Telefonica, a large number of other companies has been infected with the malicious software, Reuters reported.

The virus is said to attack computers on an internal network, as is the case with Telefonica, without affecting clients.

‘Militarization of cyberspace going out of control’: IT experts talk WannaCry ransomware hackstorm (Op-Edge) https://t.co/6FLFxJh8EW
— RT (@RT_com) May 13, 2017

Computers at Russia's Interior Ministry have been infected with the malware, the ministry said Friday evening.

Some 1,000 Windows-operated PCs were affected, which is less than one percent of the total number of such computers in the ministry, spokeswoman Irina Volk said in a statement. The virus has been localized and steps are being taken to eliminate it.

The servers of the ministry have not been affected, Volk added, saying it’s operated by different systems for Russia-developed data processing machines.

"Several" computers of Russia's Emergency Ministry had also been targeted, its representative told TASS, adding, that "all of the attempted attacks had been blocked, and none of the computers were infected with the virus."

Russian telecom giant, Megafon has also been affected.

"The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today," Megafon's spokesperson Pyotr Lidov told RT.

The internal network had been affected, he said, adding that in terms of the company's customer services, the work of the support team had been temporarily hindered, "as operators use computers" to provide their services.

The company immediately took appropriate measures, the spokesperson said, adding that the incident didn't affect subscribers' devices or Megafon signal capabilities in any way.

British Prime Minister Theresa May has said the cyberattack on UK hospitals is part of a wider international attack.

In Sweden, the mayor of Timra said "around 70 computers have had a dangerous code installed," Reuters reported.

According to Avast, the ransomware has also targeted Ukraine and Taiwan.

Did you backup today? 5 easy tips to protect yourself from ransomware, #WannaCry for example https://t.co/X09CVLB1JR pic.twitter.com/5Xj9rOGOQT
— RT (@RT_com) May 13, 2017

The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY."

It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

In light of today's attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals.
— Edward Snowden (@Snowden) May 12, 2017

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn.

According to security experts, the ransomware exploits a vulnerability that was discovered and developed by the National Security Agency. The exploit was leaked by a group calling itself the Shadow Brokers, that has been distributing the stolen NSA hacking tools online since last year.
 

war is best form of peace

Alfrescian
Loyal
https://www.rt.com/usa/388187-leaked-nsa-exploit-ransomware/

Leaked NSA exploit blamed for global ransomware cyberattack
Published time: 12 May, 2017 23:27
A zero-day vulnerability tool, covertly exploited by US intelligence agencies and exposed by the Shadow Brokers hacking group has been blamed for the massive spread of malware that infected tens of thousands of computer systems globally.


The ransomware virus which extorts Windows users by blocking their personal files and demanding payment to restore access, allegedly exploits a vulnerability that was discovered and concealed for future use by the National Security Agency (NSA), according to a range of security experts.

“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017,” Russian cybersecurity firm, Kaspersky Lab, wrote in a blog post about the attack.

Although Microsoft had already patched the backdoor roughly a month before it became public, many users who did not install the latest security updates seem to have become the primary victims of the attack.

NOTE: WikiLeaks has not released exploit code to the CIA's "zero day" hacking software. See https://t.co/h5wzfrReyy for details
— WikiLeaks (@wikileaks) May 12, 2017

Meanwhile, NSA whistleblower Edward Snowden has led the discussion on NSA’s role and responsibility in Friday’s extensive cyberattacks, noting that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”

If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patches—and it falls into enemy hands, should NSA write a patch? https://t.co/TUTtmc2aU9
— Edward Snowden (@Snowden) May 12, 2017

This is true. Patching lags releases because IT needs to be conservative and slow. This is the danger of leaving 0-days in the wild. https://t.co/TaEz1fxuTJ
— David Auerbach (@AuerbachKeller) May 12, 2017

Lots to digest on latest hack, but 1 critical point for encryption debate: The "we can keep centralized secrets safe" arg has taken a hit.
— Alex Abdo (@AlexanderAbdo) May 12, 2017

Curious... does it matter that this was NSA malware? Or is the bigger issue the missing patches, open ports, and legacy systems?
— Steve Ragan (@SteveD3) May 12, 2017

Snowden noted that the NSA developed these “dangerous attack tools that could target Western software” despite warnings, and that it’s now up to congress to question the agency on its knowledge of any other software vulnerabilities.

Wikileaks also referred to its dealings with the whistleblower behind its Vault 7 CIA releases who warned of the extreme proliferation risk in the creation of cyber weapons.

If you can't secure it--don't build it: #Vault7 whistleblower warned US cyber weapons are extreme proliferation risk https://t.co/K7wFTdlC82 pic.twitter.com/SP1x7AfDF6
— WikiLeaks (@wikileaks) May 12, 2017

The impact the cyberattack has had on hospitals has raised the greatest concerns. Some 39 hospital trusts as well as GP practices and dental services in the NHS system were targeted across England and Scotland.

British journalists should be asking if GCHQ knew of the vulnerability being used to attack NHS but kept it secret so they could use it.
— WikiLeaks (@wikileaks) May 12, 2017


The worm has also reportedly hit universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry.

Bruno Kramm, the chairman of the Berlin branch of the Pirate Party told RT that a lot of vulnerabilities lie in the backdoors built into operating systems.

“But the sad thing is the more we find out [about] the NSA having this software, the more we also know that this software is also of course traded. There is no software which you can keep inside of the system.

From the moment the NSA works with the software, you can also get the software, and once you get the software you can use it in your own way. So basically, it’s really a problem they have started.”

The American Civil Liberties Union reiterated Snowden’s calls for congress to intervene. It also expressed concerns that the NSA could have been aware that Microsoft was vulnerable but failed to disclose this until after the tools were stolen.

It would be deeply troubling if the NSA knew Microsoft was vulnerable in this way but waited to disclose. Congress can and should fix this. https://t.co/jdAr6kkB6N
— ACLU National (@ACLU) May 12, 2017

“It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner.

Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer,” said Patrick Toomey, a staff attorney with the American Civil Liberties Union’s National Security Project.
 

war is best form of peace

Alfrescian
Loyal
http://www.straitstimes.com/world/europe/hospitals-across-britain-hit-by-large-scale-cyber-attack

Hackers exploit stolen US spy agency tool to launch global cyber attack; nearly 100 countries affected

NHS England has confirmed that hospitals across the country appear to have been simultaneously hit by a bug in their IT systems. PHOTO: REUTERS
Published: May 12, 2017, 10:33 pm SGT
Updated: 1 hour ago

LONDON/MADRID (REUTERS, AFP) – A global cyber attack leveraging hacking tools widely believed by researchers to have been developed by the United States National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in nearly 100 countries on Friday (May 12).

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of US$300 (S$421) to US$600 to restore access.

Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what per cent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.

“This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” British Prime Minister Theresa May said.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.

Russia’s interior ministry said that some of its computers had been hit by a “virus attack” and that efforts were underway to destroy it.

A woman points to an online British health service notice, telling users about a problem in its network.

An ambulance stands outside an NHS hospital in London, Britain, May 12, 2017.

Still, only a small number of US-headquartered organisations were hit because the hackers appear to have begun the campaign by targeting organisations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to the US, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

The US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”

Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT (4am Singapore), “We are now seeing more than 75,000 detections... in 99 countries.”

Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.

In a statement, Kaspersky Labs said it was “trying to determine whether it is possible to decrypt data locked in the attack – with the aim of developing a decryption tool as soon as possible.”

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

KILL SWITCH

On Saturday, a cybersecurity researcher told AFP he had accidentally discovered a “kill switch” that can prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.

However @MalwareTechBlog warned that the “crisis isn’t over” as those behind it “can always change the code and try again”.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the US spy agency.
Microsoft on Friday said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement. It said the company was working with its customers to provide additional assistance.

SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.

Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Caroline Brennan, 41, went to the hospital to see her brother, who had open heart surgery. “They told us there was a problem. They said the system was down and that they cannot transfer anyone till the computer system was back up,” Brennan said.

Authorities in Britain have been braced for possible cyber attacks in the run-up to the vote, as happened during last year’s US election and on the eve of this month’s presidential vote in France.

But those attacks – blamed on Russia, which has repeatedly denied them – followed an entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as the country’s biggest bank, Sberbank, said they were targeted.

The interior ministry said on its website that around 1,000 computers had been infected but it had localized the virus.

The emergencies ministry told Russian news agencies it had repelled the cyber attacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

NEW BREED OF RANSOMWARE

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organisations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe. “Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain’s National Cryptology Centre of “a massive ransomware attack.”

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement.
 

war is best form of peace

Alfrescian
Loyal
https://www.theguardian.com/technol...tch-to-stop-spread-of-ransomware-cyber-attack

'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack

Spread of malware curtailed by expert who simply registered a domain name for a few dollars, giving many across world time to protect against attack

The spread of WannaCry ransomware wreaked havoc on organizations including the UK’s National Health Service (NHS). Photograph: Carl Court/Getty Images


Olivia Solon in San Francisco
@oliviasolon

Saturday 13 May 2017 05.11 BST
First published on Saturday 13 May 2017 02.41 BST

An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.

“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.

The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variances of the malware with different kill switches that will continue to spread.

The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).

Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack was caused by a bug called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

MalwareTech (@MalwareTechBlog)

I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
May 13, 2017

The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

“This was eminently predictable in lots of ways,” said Ryan Kalember from cybersecurity firm Proofpoint. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”

Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
 

war is best form of peace

Alfrescian
Loyal
So did any one got hacked and asked for ransom? I heard people KPKB.


Those who get affected is global level and sure KPKB.

http://www.straitstimes.com/world/europe/unprecedented-cyberattacks-wreak-global-havoc


Unprecedented cyberattacks wreak global havoc

In this posed picture photograph, a woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network, in London on May 12, 2017. PHOTO: AFP

LONDON (AFP) - Cyber security experts rushed to restore systems on Saturday (May 13) after an unprecedented global wave of cyberattacks that struck targets ranging from Russia's banks to British hospitals and a French carmaker's factories.

The hunt was on for the culprits behind the assault, which was being described as the biggest cyber ransom attack ever.

State agencies and major companies around the world were left reeling by the attacks which blocked access to files and demanded ransom money, forcing them to shut down their computer systems.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's policing agency.

The attacks, which experts said affected dozens of countries, used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual Bitcoin currency.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP that the attack was "the biggest ransomware outbreak in history", saying that 130,000 systems in more than 100 countries had been affected.

He said that Russia and India were hit particularly hard, in large part because the older Windows XP operating software is still widely used in the countries.

The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).

Swedish engineering firm Sandvik said on Saturday computers handling both administration and production were hit in a number of countries where the company operates, with some production forced to stop.

“In some cases the effects were small, in others they were a little larger,” Head of External Communications Par Altan said. “In some cases, certain production has been affected. Certain, but far from all of it.” Altan would not say which countries had been affected or give further details on the impact on production.

He said Sandvik was now assessing the situation.

The attacks hit a whole range of organisations and businesses worldwide.

French carmaker Renault was forced to stop production at sites in France and Slovenia, saying the measure was aimed at stopping the virus from spreading.

In the United States, package delivery group FedEx acknowledged it had been hit by malware and said it was "implementing remediation steps as quickly as possible." Russia's interior ministry said that some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it.

The country's central bank said the banking system was hit, and the railway system also reported attempted breaches.

The central bank's IT attack monitoring centre "detected mass distribution of harmful software" but no "instances of compromise", it said.

Russia's largest bank Sberbank said its systems "detected in time attempts to penetrate bank infrastructure".

Germany's Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected.

Self-replicating 'worm'

In a statement, computer security group Kaspersky Labs said it was "trying to determine whether it is possible to decrypt data locked in the attack - with the aim of developing a decryption tool as soon as possible." On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware.

The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.

But @MalwareTechBlog warned that the "crisis isn't over" as those behind it "can always change the code and try again".

The malware's name is WCry, but analysts were also using variants such as WannaCry.

Message to users: 'Oops'

Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.

Pictures on social media showed screens of NHS computers with images demanding payment of US$300 (S$420) in Bitcoin, saying: "Ooops, your files have been encrypted!" It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.

"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger," said Kroustek, the Avast analyst.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," said Lance Cottrell, chief scientist at the US technology group Ntrepid.

Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.

G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up international cooperation against a growing threat to their economies.
 

war is best form of peace

Alfrescian
Loyal
So far Globally 200K Microshit Computers got hit, so Huat! The culprit demanded approx US$10K worth of Bit Coins each.

http://www.channelnewsasia.com/news...berattack-hits-200-000-victims-so-far-8846230

Growing global cyberattack hits 200,000 victims so far


The unprecedented global ransomware cyberattack has hit more than 200,000 victims in more than 150 countries, Europol executive director Rob Wainwright said Sunday.
The wave of attacks on May 12, 2007 hit Britain's health service, Russia's interior ministry and French carmaker Renault, along with many other organisations around the world AFP/DAMIEN MEYER
14 May 2017 07:36PM
(Updated: 14 May 2017 07:58PM)

LONDON: The unprecedented global cyberattack has hit more than 200,000 victims in scores of countries, Europol said Sunday, warning that the situation could escalate when people return to work.

An international manhunt was well under way for the plotters behind what was being described as the world's biggest-ever computer ransom assault.

The indiscriminate attack, which began Friday, struck banks, hospitals and government agencies in more than 150 countries, exploiting known vulnerabilities in old Microsoft computer operating systems.

US package delivery giant FedEx, European car factories, Spanish telecoms giant Telefonica, Britain's health service and Germany's Deutsche Bahn rail network were among those hit.

Europol executive director Rob Wainwright said the situation could worsen on Monday as workers return to their offices after the weekend and log on.

"We've never seen anything like this," the head of the European Union's policing agency told Britain's ITV television, calling its reach "unprecedented".

"The latest count is over 200,000 victims in at least 150 countries. Many of those victims will be businesses, including large corporations.

"We're in the face of an escalating threat.

"I'm worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday."

'OOOPS' MESSAGE, US$300 RANSOM

Images appear on victims' screens demanding payment of US$300 (275 euros) in the virtual currency Bitcoin, saying: "Ooops, your files have been encrypted!"

Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

Experts and governments alike warn against ceding to the demands and Wainwright said few victims so far have been paying up.

"Paying the ransom does not guarantee the encrypted files will be released," the US Department of Homeland Security's computer emergency response team said.

"It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."

The culprits used a digital code believed to have been developed by the US National Security Agency -- and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said.

Europol's Wainwright said the attack was unique because the ransomware was combined with a "worm" - meaning the infection of one computer could automatically infect an entire network.

Microsoft said the situation was "painful" and that it was taking "all possible actions to protect our customers".

It issued guidance for people to protect their systems, while taking the highly unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system.

BANKS, TRAINS AND AUTOMOBILES

US software firm Symantec said the majority of organisations affected were in Europe.

The companies and government agencies targeted were diverse.

Europol's Wainwright said few banks in Europe had been affected, having learned through the "painful experience of being the number one target of cyber crime" the value of having the latest cyber security in place.

Russia's interior ministry said some of its computers had been hit, while the country's banking system was also attacked, although no problems were detected, as was the railway system.

French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible".

Germany's rail operator Deutsche Bahn said its station display panels were affected. Universities in China, Italy and Greece were also hit.

On Saturday, a cyber security researcher tweeting as MalwareTechBlog, said he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware.

The anonymous researcher said registering a domain name used by the malware stops it from spreading, though it cannot help computers already affected.

On Sunday, the researcher warned that hackers could upgrade the virus to remove the kill switch.

"Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP," he tweeted.

Meanwhile G7 finance ministers meeting in Italy vowed to unite against cyber crime, as it represented a growing threat to their economies and should be tackled as a priority.

The danger will be discussed at the G7 leaders' summit next month.
Source: AFP
 

JohnTan

Alfrescian (InfP)
Generous Asset
Fucking North Korea. Let's MOABed them already! SAF should send a contingent of armed troops to help USA and South Korea liberate Pyongyang!
 

war is best form of peace

Alfrescian
Loyal
Fucking North Korea. Let's MOABed them already! SAF should send a contingent of armed troops to help USA and South Korea liberate Pyongyang!

They spray VX Babay Oil at Changi Airport PAP all dead already. Dead by heart attacks. Cardiac seizure. Brain strokes. Epilepsy. Panic attacks. Suicides.

Lao Sai in their (white) pants and died.
 

war is best form of peace

Alfrescian
Loyal
https://tw.news.yahoo.com/歐洲警政署-網攻擴及150國20萬人受害-114037219.html


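Europol: cyberattack spreads to 150 countries, 200,000 victims

[Central News Agency]
Central News Agency, May 14, 2017

(Central News Agency, London, 14th, compiled from foreign wire reports) Europol Director Rob Wainwright said today that the cyberattack of the 12th has affected at least 150 countries, with as many as 200,000 victims. The attack launched with the virus named WannaCry appears to be gradually slowing, but more people may fall victim on Monday.

Reuters reported that Wainwright, interviewed today on an Independent Television (ITV) programme, said that what is unique about this attack is that ransomware was combined with "worm functionality", allowing the virus to spread automatically.

Wainwright said: "The scale of the global spread is unprecedented. The latest figure is that it has spread to at least 150 countries, with more than 200,000 victims. Many businesses have been hit, including large corporations."

He said: "The threat we currently face is escalating and the numbers keep rising. I am worried that when people go to work and turn on their machines on Monday morning, the number of victims will continue to grow."

The attack rate of the destructive virus called "WannaCry" eased late the night before last. This so-called "ransomware" has locked 200,000 computers, demanding payment of US$300 to US$600 (about NT$9,057 to NT$18,113) to get the data back.

Patrick McBride, an executive at cybersecurity firm Claroty, said: "It has paused, but it will come back. We fully expect it to return."

Security giant Symantec estimates that, so far, this wave of computer virus infections will cost tens of millions of US dollars to resolve, most of it spent on cleaning up corporate networks. One analyst said the ransom paid to date amounts to only tens of thousands of US dollars, but he estimates the figure will rise.

Many companies are rushing to apply the vulnerability patches that Microsoft released last month and yesterday to protect the Windows operating system. WannaCry uses one vulnerability to spread across networks, and its rare and powerful characteristics caused the number of victims to surge yesterday. 1060514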
 

war is best form of peace

Alfrescian
Loyal
So my guess was confirmed accurate, Kim Jong Nuke fucked the Ang Moh cyber anus!


http://www.channelnewsasia.com/news...korea-group-behind-ransomware-attacks-8873808

Symantec says 'highly likely' North Korea group behind ransomware attacks
A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California. (Courtesy of Symantec/Handout via REUTERS)
23 May 2017 07:20AM
(Updated: 23 May 2017 11:00AM)

SAN FRANCISCO: Cyber security firm Symantec Corp said on Monday it was "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber attack this month that infected more than 300,000 computers worldwide and disrupted hospitals, banks and schools across the globe.

Symantec researchers said they had found multiple instances of code that had been used both in the North Korea-linked group's previous activity and in early versions of WannaCry.

In addition, the same Internet connection was used to install an early version of WannaCry on two computers and to communicate with a tool that destroyed files at Sony Pictures Entertainment. The U.S. government and private companies have accused North Korea in the 2014 Sony attack.

North Korea has routinely denied any such role. On Monday, it called earlier reports that it might have been behind the WannaCry attack "a dirty and despicable smear campaign."

Lazarus is the name many security companies have given to the hacking group behind the Sony attack and others. By custom, Symantec does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea.

In a blog post, Symantec listed numerous links between Lazarus and software the group had left behind after launching an earlier, less virulent, version of the malware in February. One was a variant of software used to wipe disks during the Sony Pictures attack, while another tool used the same internet addresses as two other pieces of malware linked to Lazarus.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec's security response technical director.

"Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access," Thakur said in an interview.

But he added: "We don't think that this is an operation run by a nation-state."

With WannaCry, Thakur said, Lazarus Group members could have been moonlighting to make extra money, or they could have left government service, or they could have been contractors without direct obligations to serve only the government.

The most effective version of WannaCry spread by using a flaw in Microsoft's Windows and a program that took advantage of it that had been used by the U.S. National Security Agency, officials said privately.

That program was among a batch leaked or stolen and then dumped online by a group calling itself The Shadow Brokers, who some in U.S. intelligence believe to be affiliated with Russia.

Analysts have been weighing in with various theories on the identity of those behind WannaCry, and some early evidence had pointed to North Korea. The Shadow Brokers endorsed that theory, perhaps to take heat off their own government backers for the disaster.

Cybersecurity company Kaspersky has said it had found several similarities between the WannaCry malware from the earlier attack and those used by Lazarus. But in an interview last week, its Asia research director, Vitaly Kamluk, said it was not conclusive evidence. "It's unusual," he said.

Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.

But Thakur said that some hackers deliberately obfuscate their language to make tracing them harder. It is also possible that the writer in question was a contractor in another country, he said.

Thakur said a less likely scenario is that Lazarus' main aim was to create chaos by distributing WannaCry.

If the hackers' main objective was to earn money on the side, that would suggest an undisciplined hacking operation run by North Korea, one that could be exploited and weakened by the country's many foes.

"The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group, or members who are interested in filling their own pockets, and that could help," Thakur said.

Lazarus has also been linked to attacks on banks using their SWIFT messaging network. Last year, hackers stole US$81 million from Bangladesh's central bank. Symantec said malware used in that attack was linked to Lazarus.

(Reporting by Joseph Menn, Dustin Volz, Jeremy Wagstaff and Ju-Min Park; Editing by Chris Reese, Mary Milliken and Raju Gopalakrishnan)
Source: Reuters
 

war is best form of peace

Alfrescian
Loyal
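So their aim is not to get rich; their aim is to disrupt the workings of the Western capitalist world. Investigations found that the hackers' ransom income was very small. What's more, they even sympathised with low-income victims in Taiwan, unlocked their files for free, and apologised, saying we misjudged the income level of Taiwanese people and should not have extorted such a high price!

Because they are Communist Party proletarian struggle elements! They won't attack the poor! They're our own people, after all! :d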
 