At least 74 countries affected in 'biggest ever' cyber attack

Sunday, 14 May, 2017

The U.K.'s National Cyber Security Center was "working round the clock" to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.

However, in order to ensure as many systems as possible are protected against WannaCrypt ransomware and other attacks, Microsoft has made security patches for Windows XP and other operating systems broadly available to download. "The intelligence community should develop strong procedures that when such tools leak, they immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild", said Bambanek.

The attacks used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. Cybersecurity experts say they are still trying to determine who is behind the WannaCry ransomware.

But we're still likely to be living with less virulent variants of WannaCry for some time. But these worm attacks became harder to pull off as computer owners and software makers shored up their defenses.

The majority of the attacks targeted Russia, Ukraine and Taiwan.

The ransomware was initially found spreading through attachments in email phishing campaigns.

Computer users worldwide - and everyone else who depends on them - should assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona, told The Associated Press. This particular strain, WannaCry, exploits a vulnerability in Windows that many systems have not yet patched. In light of Friday's attacks, Microsoft announced that it's making the fixes free to all.

"Malware that penetrates the perimeter and then spreads inside the network tends to be quite successful", said Johannes Ullrich, director of the Internet Storm Center at the SANS Institute.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!"

Cybersecurity firm Avast said it tracked more than 75,000 ransomware attacks in 99 countries Friday.

"We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain", said Vikram Thakur, principal research manager at Symantec.

The ransomware, which has spread globally, has been infecting computers by exploiting a Windows vulnerability involving the Server Message Block protocol, a file-sharing feature. "So this attack is raising one of these fundamental issues that we talk about in the security world, about whether NSA surveillance protects people or creates unexpected damage that does more harm than good".

Computers infected with WannaCry will have their data encrypted, and display a ransom note demanding $300 or $600 in bitcoin to free the files.

The damage might have been temporarily contained.

The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday how he inadvertently discovered Friday that the software's spread could be stopped by registering a garbled domain name. In past ransomware attacks, some victims have paid, only to find the key they are given doesn't work, while others have found their files are corrupted and can't be properly restored, he said.

The management of the National Information Technology Development Agency (NITDA) would like to bring to the attention of Nigerians the recent cyber-attack that is affecting computers across the world - the ransomware attack. Once inside an organization's network, the malware behind the attack spread rapidly using this vulnerability.

Companies are often slow to apply these fixes, called patches, because of worries that any software change could break some other program, possibly shutting down critical operations.

"This is obviously by far the worst ransomware outbreak we've seen in, I think, forever", said Lawrence Abrams, a New York-based malware expert who runs BleepingComputer.com. "Part of what an organization needs to understand and assess is what those two risks are". A spokesman for Telefonica said the hack affected some employees at its headquarters, but the Spanish phone company is attacked frequently and the impact of Friday's incident wasn't major. And while other attackers might use the same flaw, such attacks will be steadily less successful as organizations patch it.

Citing the far-reaching potential impact on customers, Microsoft took the unusual step of offering a custom support security update for users with versions of Windows that are no longer supported. Before, Microsoft had made such fixes available only to mostly larger organizations that pay extra for extended support, yet millions of individuals and smaller businesses still had such systems.

However, MalwareTech added, the kill switch that was activated doesn't prevent the actors responsible for the ransomware from removing the domain check in their code and re-launching an attack, "so it's incredibly important that any unpatched systems are patched as quickly as possible".