Coordination Center

Beijing, China


News Article | May 15, 2017
Site: hosted2.ap.org

The Latest: IT expert modest about stopping cyberattack (AP) — The latest on the global extortion cyberattack that hit dozens of countries (all times local): The IT expert who helped stop the spread of the WannaCry cyberattack says he believes the fight against the infection is "done and dusted." Twenty-two-year-old Marcus Hutchins, who works for Los Angeles-based cybersecurity firm Kryptos Logic, says although he was the person who registered a domain name that took down the virus, hundreds of others helped in the effort. In his first face-to-face interview, Hutchins said Monday hundreds of computer experts worked throughout the weekend to fight the virus, which paralyzed computers in some 150 countries. Hutchins told The Associated Press he doesn't consider himself a hero but fights malware because "it's the right thing to do." Security researchers are looking at possible connections between the global "ransomware" attack and North Korea, though one firm cautions that the connection is "weak." The security company Kaspersky Lab says portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea. But it's possible the code was simply copied from the Lazarus malware without any other direct connection. Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools, but says "they so far only represent weak connections. We are continuing to investigate for stronger connections." WannaCry has paralyzed computers running factories, banks, government agencies and transport systems in some 150 countries. A law enforcement official says investigators believe additional companies in the United States have been affected by the global "ransomware" software cyberattack but have not yet come forward to report the attacks. 
The official spoke to The Associated Press on condition of anonymity because the official was not authorized to speak publicly about an ongoing investigation. The official says that investigators have obtained some of the phishing emails and are analyzing them for "bread crumbs" that may lead them to the attackers. Authorities have been encouraging affected companies to contact law enforcement and not pay the ransom. While the attack that emerged Friday hitting companies and governments around the world ebbed in intensity Monday, experts warned that new versions of the virus could emerge. Investigators fear the ransomware can be re-released without a kill switch that allowed researchers to interrupt the malware's initial spread. President Donald Trump's homeland security adviser says that so far, no U.S. federal systems have been affected by the global cyberattack. Tom Bossert says the U.S. government has been closely monitoring the attack, which has affected an estimated 300,000 machines in 150 countries. He noted a few U.S. businesses, including FedEx, were affected. Computers across the world were locked up Friday and users' files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies. Cybersecurity experts say the unknown hackers who launched the "ransomware" attacks used a hole in Microsoft software that was discovered by the National Security Agency and exposed when NSA documents were leaked online. Neither the FBI nor NSA would comment Monday. Investigators looking to catch the perpetrators of the global "ransomware" attack will be looking for digital clues, including monitoring the bitcoin accounts used to collect ransom payments. It'll be tough, but not impossible. Security experts say that bitcoin is often believed to be anonymous, but the transactions are highly traceable. What's not known is who's behind a particular account. 
But the bitcoin money often has to be converted into real-world currency at some point. Steve Grobman of the security company McAfee says forensics experts will also be looking for clues in the structure of the malware, including how it was written and how it was run. He says the malware was sophisticated, helping to rule out pranksters and lower-level thieves. The cyberattack that emerged Friday has paralyzed computers running factories, banks, government agencies and transport systems around the world. Interpol's cybercrime unit, based in Singapore, said it is working on information provided by the private Kaspersky Lab to assist investigations in the countries affected. Europol has said the same. But neither agency has actual enforcement capabilities, instead acting more as information clearinghouses and organizers in the complex world of international law enforcement, where police from different countries rarely have a language in common — and few speak the languages of computer programming. Costin Raiu, head of Kaspersky's global research and analysis, whose group has two analysts directly embedded with Interpol, said a main pitfall will be sharing intelligence in real time, and then being able to follow the accumulated evidence to a suspect. Raiu said investigators are scouring the Tor darknet to trace the command and control servers. The attackers are believed to be relatively new at the ransomware business, he said. "The attack appears to be slowing down anyway. What we are afraid of are copycats," he said. Germany's interior ministry says software companies need to do their own homework, rather than blame governments for security breaches. Microsoft's top lawyer, Brad Smith, had criticized governments Sunday for "hoarding" vulnerabilities and urged authorities to report security problems to IT firms "rather than stockpile, sell, or exploit them." 
Interior ministry spokesman Tobias Plate said "someone who doesn't do their homework trying to make others responsible for not pointing out this homework needs to be done seems to me to mix up cause and effect." Plate told reporters in Berlin on Monday that the German government had published a new cybersecurity strategy last year that includes a proposal to hold IT companies liable for security flaws. German rail company Deutsche Bahn's platform displays were hit by the global "ransomware" cyberattack. Tom Bossert, a homeland security adviser to U.S. President Donald Trump, says the recent global cyberattack is something that "for right now, we've got under control" in the United States. Bossert tells ABC's "Good Morning America" that the malware is an "extremely serious threat" that could inspire copycat attacks. But Microsoft's security patch released in March should protect U.S. networks for those who install it. Microsoft's top lawyer has criticized U.S. intelligence for "stockpiling" software code that can aid hackers. Cybersecurity experts say the unknown hackers behind the latest attacks used a vulnerability exposed in U.S. government documents leaked online. Bossert said "criminals" are responsible, not the U.S. government. Bossert says the U.S. hasn't ruled out involvement by a foreign government, but that the recent ransom demands suggest a criminal network. Indian authorities were on high alert for news of malfunctioning computers Monday, after experts estimated 5 percent of affected computers were in the country. The Computer Emergency Response Team of India issued a red-colored "critical alert" — its highest alarm level — and urged computer users to update their systems and use protective software. But few major problems were reported. The head of the government response team told Press Trust of India news agency that "everything seems to be normal, so far. No reports have come in" detailing cyberattacks in the country. 
The Kaspersky Lab, a security solutions firm, had estimated that up to 5 percent of computers affected globally could be in India. The country is considered vulnerable thanks to a large number of computers running on older Microsoft operating systems. Britain's health service says most hospitals hit by the global "ransomware" attack are back up and running, but seven are still experiencing IT disruption and canceling appointments. About a fifth of NHS trusts — the regional bodies that run hospitals and clinics — were hit by the attack on Friday, leading to thousands of canceled appointments and operations. Health officials say seven of the 47 affected are still having IT problems and have asked for "extra support" from the National Health Service. Barts Health, which runs five London hospitals, says it is still sending some ambulances to other hospitals and has canceled some surgeries and outpatient appointments. Ciaran Martin, chief executive of the U.K.'s National Cyber Security Centre, has warned that more computers could be infected Monday as doctors' practices re-opened after the weekend. In France, auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians continued to deal with the aftermath of the global cyberattack. The company described the temporary halt in production as a "preventative step." The company gave no details on the degree to which the plant was affected by the malware. Renault said all of its other plants in France were open Monday. The problem with its home page wasn't ransomware after all, Osaka city hall said. The site is now back up but the real cause of the problem is not yet clear, said spokesman Hajime Nishikawa. Kyodo News said one personal computer was affected at one office at East Japan Railway Co., but train services were not affected. A Japanese nonprofit says computers at 600 locations had been hit in the global "ransomware" cyberattack. 
Nissan Motor Co. confirmed Monday some units had been targeted, but there was no major impact on its business. Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems. The Japan Computer Emergency Response Team Coordination Center said 2,000 computers in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify. At least one hospital was affected, according to police. The city of Osaka said its home page went blank, although problems had not been detected otherwise. South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries. Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said. The most public damage was on the country's largest movie chain. CJ CGV Co. was restoring its advertising servers at dozens of its movie theaters after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected. Another government security official said no government systems were affected. Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. 
The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.


News Article | May 15, 2017
Site: hosted2.ap.org

Log in, look out: Cyber chaos spreads with workweek's start (AP) — Global cyber chaos was spreading Monday as companies booted up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far. Government agencies said they were unaffected. Companies like Hitachi and Nissan Motor Co. reported problems they said had not seriously affected their business operations. In China, universities and other educational institutions were among the hardest hit, about 15 percent of the internet protocol addresses attacked, according to the official Xinhua News Agency. That may be because schools tend to have old computers and be slow about updates of operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, Xinhua said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company. Elsewhere in Asia, officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact. The most public damage in South Korea was to cinema chain CJ CGV Co. 
It was restoring its advertising servers at dozens of theaters after the attack left the company unable to display trailers of upcoming movies. The attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported troubles. Experts were urging organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware — or to future versions that can't be stopped. Paying the ransom will not ensure any fix, said Eiichi Moriya, a cyber security expert and professor at Meiji University. "You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return." New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet. Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files but other more malicious ones will likely pop up. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," Kalember said. The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" 
and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later. Just one person in an organization who clicked on an infected attachment or bad link, would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. "That's what makes this more troubling than ransomware was a week ago," Thakur said. The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat," said Rob Wainwright, the head of Europol, Europe's policing agency. "The numbers are still going up," Wainwright said. Microsoft's top lawyer is laying some of the blame at the feet of the U.S. government. Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online. It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press. Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock during the weekend to monitor the situation and install a software patch to block the worm from infecting more computers in corporations across the U.S., Europe and Asia. "Right now, just about every IT department has been working all weekend rolling this out," said Dan Wire, spokesman at Fireeye Security. Installing the Microsoft patch is one way to secure computers against the virus. The other is to disable a type of software that connects computers to printers and faxes, which the virus exploits, O'Leary added. 
Microsoft distributed a patch two months ago that could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage. AP researcher Yu Bing and news assistant Liu Zheng in Beijing; Youkyung Lee in Seoul and Kelvin Chan in Hong Kong contributed to this report.


News Article | May 15, 2017
Site: hosted2.ap.org

The Latest: Renault plant closed because of cyberattack (AP) — The latest on the global extortion cyberattack that hit dozens of countries (all times local): In France, auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians continued to deal with the aftermath of the global cyberattack. The company described the temporary halt in production as a "preventative step." The company gave no details on the degree to which the plant was affected by the malware. Renault said all of its other plants in France were open Monday. The problem with its home page wasn't ransomware after all, Osaka city hall said. The site is now back up but the real cause of the problem is not yet clear, said spokesman Hajime Nishikawa. Kyodo News said one personal computer was affected at one office at East Japan Railway Co., but train services were not affected. A Japanese nonprofit says computers at 600 locations had been hit in the global "ransomware" cyberattack. Nissan Motor Co. confirmed Monday some units had been targeted, but there was no major impact on its business. Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems. The Japan Computer Emergency Response Team Coordination Center said 2,000 computers in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify. At least one hospital was affected, according to police. The city of Osaka said its home page went blank, although problems had not been detected otherwise. South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries. 
Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said. The most public damage was on the country's largest movie chain. CJ CGV Co. was restoring its advertising servers at dozens of its movie theaters after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected. Another government security official said no government systems were affected. Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.


News Article | May 15, 2017
Site: hosted2.ap.org

The Latest: Japan Inc. sees no major impact from ransomware TOKYO (AP) — The latest on the global extortion cyberattack that hit dozens of countries (all times local): The problem with its home page wasn't ransomware after all, Osaka city hall said. The site is now back up but the real cause of the problem is not yet clear, said spokesman Hajime Nishikawa. Kyodo News said one personal computer was affected at one office at East Japan Railway Co., but train services were not affected. A Japanese nonprofit says computers at 600 locations had been hit in the global "ransomware" cyberattack. Nissan Motor Co. confirmed Monday some units had been targeted, but there was no major impact on its business. Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems. The Japan Computer Emergency Response Team Coordination Center said 2,000 computers in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify. At least one hospital was affected, according to police. The city of Osaka said its home page went blank, although problems had not been detected otherwise. South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries. Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said. The most public damage was on the country's largest movie chain. CJ CGV Co. 
was restoring its advertising servers at dozens of its movie theaters after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected. Another government security official said no government systems were affected. Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.


News Article | May 15, 2017
Site: hosted2.ap.org

A patient takes a nap on her wheelchair as she waits with others at the registration desk at Dharmais Cancer Hospital in Jakarta, Indonesia, Monday, May 15, 2017. Global cyber chaos was spreading Monday as companies booted up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. (AP Photo/Dita Alangkara) Patients wait at the registration desks at Dharmais Cancer Hospital in Jakarta, Indonesia, Monday, May 15, 2017. Global cyber chaos was spreading Monday as companies booted up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. (AP Photo/Dita Alangkara) A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies. (AP Photo/Mark Schiefelbein) People walk in front of the headquarters building of Hitachi Ltd., center, in Tokyo, Monday, May 15, 2017. 
The global "ransomware" cyberattack hit computers at 600 locations in Japan, but appeared to cause no major problems as Japanese started their workday Monday even as the attack caused chaos elsewhere. Hitachi spokeswoman said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom appears to have been demanded so far. They were installing software to fix the problems. (AP Photo/Shizuo Kambayashi) FILE - In this May 11, 2017 file photo, the emblem of a Nissan car is seen at its showroom in Tokyo. Japan has fallen victim of a global "ransomware" cyberattack that has created chaos in 150 countries. Nissan Motor Co. confirmed Monday, May 15, 2017, some units had been targeted, but there was no major impact on its business. (AP Photo/Eugene Hoshiko, File) TOKYO (AP) — The worldwide "ransomware" cyberattack wreaked havoc in hospitals, schools and offices across the globe on Monday. Asia reported thousands of new cases but no large-scale breakdowns as workers started the week by booting up their computers. The full extent of the damage from the cyberattack felt in 150 countries was unclear and could worsen if more malicious variations of the online extortion scheme appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware, the attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia's Interior Ministry and companies including Spain's Telefonica and FedEx Corp. in the U.S. Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. 
The Japan Computer Emergency Response Team Coordination Center, a nonprofit group providing support in computer attacks, said 2,000 computers at 600 locations in Japan were reported affected. Companies including Hitachi and Nissan Motor Co. reported problems but said they had not seriously affected their business operations. Auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians dealt with the cyberattack's aftermath. The temporary halt in production was a "preventative step," Renault said, giving no details on how badly the plant was affected by the malware. In China, universities and other educational institutions were among the hardest hit, possibly because schools tend to have old computers and be slow to update operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank. On social media students complained about not being able to access their work, and people in various cities said they hadn't been able to take their driving tests over the weekend because some local traffic police systems were down. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, China's Xinhua News Agency said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company. Elsewhere in Asia, the Indonesian government urged businesses to update computer security after the malware locked patient files on computers in two hospitals in the capital, Jakarta. Patients arriving at Dharmais Cancer Hospital had to wait several hours while staff worked with paper records. Officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact. But the South Korean cinema chain CJ CGV Co. 
was restoring advertising servers at dozens of theaters after the attack left the company unable to display trailers of upcoming movies. Experts urged organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware — or to future versions that can't be stopped. Paying ransom will not ensure any fix, said Eiichi Moriya, a cybersecurity expert and professor at Meiji University. "You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return." New variants of the rapidly replicating worm were discovered Sunday. One did not include the so-called kill switch that allowed researchers to interrupt the malware's spread Friday by diverting it to a dead end on the internet. Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files but other more malicious ones will likely pop up. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," Kalember said. The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later. Just one click on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. "That's what makes this more troubling than ransomware was a week ago," Thakur said. 
The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat," said Rob Wainwright, the head of Europol, Europe's policing agency. "The numbers are still going up," Wainwright said. Microsoft's top lawyer is laying some of the blame at the feet of the U.S. government. Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online. It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press. Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock over the weekend to monitor the situation and install the software patch. "Right now, just about every IT department has been working all weekend rolling this out," said Dan Wire, spokesman at FireEye Security. Microsoft distributed the patch two months ago, which could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage. Watt reported from Beijing. AP researcher Yu Bing and news assistant Liu Zheng in Beijing, John Leicester in Paris, Youkyung Lee in Seoul and Kelvin Chan in Hong Kong contributed to this report. Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


News Article | May 15, 2017
Site: hosted2.ap.org

Log in, look out: Cyber chaos spreads with workweek's start (AP) — Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far. The government found no impact among agencies, though companies like Hitachi and Nissan Motor Co. reported problems that had not seriously affected their business operations. In China, universities and other educational institutions were among the hardest hit, about 15 percent of the internet protocol addresses attacked, according to the official Xinhua News Agency. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services were affected, the news agency said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company. Officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact. The attack was disrupting computers that run factories, banks, government agencies and transport systems in Russia, Ukraine, Brazil, Spain, India and Japan, among others. Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported troubles. 
Experts were urging organizations and companies to update older Microsoft operating systems immediately to limit vulnerability to a more powerful version of the malware — or to future versions that can't be stopped. New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet. Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread but was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files. "I still expect another to pop up and be fully operational," Kalember said. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself." The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later. Just one person in an organization clicking on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. "That's what makes this more troubling than ransomware was a week ago," Thakur said. Gillian Wong reported from Beijing. Youkyung Lee in Seoul contributed to this report.


News Article | May 15, 2017
Site: hosted2.ap.org

Log in, look out: Cyber chaos spreads with workweek's start (AP) — Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.


News Article | May 15, 2017
Site: hosted2.ap.org

The Latest: Japan Inc. sees no major impact from ransomware (AP) — The latest on the global extortion cyberattack that hit dozens of countries (all times local): A Japanese nonprofit says computers at 600 locations had been hit in the global "ransomware" cyberattack. Nissan Motor Co. confirmed Monday some units had been targeted, but there was no major impact on its business. Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems. The Japan Computer Emergency Response Team Coordination Center said 2,000 computers in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify. At least one hospital was affected, according to police. The city of Osaka said its home page went blank, although problems had not been detected otherwise. South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries. Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said. The most public damage was on the country's largest movie chain. CJ CGV Co. was restoring its advertising servers at dozens of its movie theaters after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected. Another government security official said no government systems were affected. Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack. 
The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.


News Article | May 15, 2017
Site: hosted2.ap.org

(AP) — The worldwide "ransomware" cyberattack wreaked havoc in hospitals, schools and offices across the globe on Monday. Asia reported thousands of new cases but no large-scale breakdowns as workers started the week by booting up their computers. The full extent of the damage from the cyberattack felt in 150 countries was unclear and could worsen if more malicious variations of the online extortion scheme appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world. As a loose global network of cybersecurity experts fought the ransomware, the attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Among those hit were Russia's Interior Ministry and companies including Spain's Telefonica and FedEx Corp. in the U.S. Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices. The Japan Computer Emergency Response Team Coordination Center, a nonprofit group providing support in computer attacks, said 2,000 computers at 600 locations in Japan were reported affected. Companies including Hitachi and Nissan Motor Co. reported problems but said they had not seriously affected their business operations. Auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians dealt with the cyberattack's aftermath. The temporary halt in production was a "preventative step," Renault said, giving no details on how badly the plant was affected by the malware. 
In China, universities and other educational institutions were among the hardest hit, possibly because schools tend to have old computers and be slow to update operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, China's Xinhua News Agency said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company. Elsewhere in Asia, the Indonesian government urged businesses to update computer security after the malware locked patient files on computers in two hospitals in the capital, Jakarta. Patients arriving at Dharmais Cancer Hospital had to wait several hours while staff worked with paper records. Officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact. But the South Korean cinema chain CJ CGV Co. was restoring advertising servers at dozens of theaters after the attack left the company unable to display trailers of upcoming movies. Experts urged organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware — or to future versions that can't be stopped. Paying ransom will not ensure any fix, said Eiichi Moriya, a cybersecurity expert and professor at Meiji University. "You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return." New variants of the rapidly replicating worm were discovered Sunday. 
One did not include the so-called kill switch that allowed researchers to interrupt the malware's spread Friday by diverting it to a dead end on the internet. Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files but other more malicious ones will likely pop up. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," Kalember said. The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later. Just one click on an infected attachment or bad link would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response. "That's what makes this more troubling than ransomware was a week ago," Thakur said. The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat," said Rob Wainwright, the head of Europol, Europe's policing agency. "The numbers are still going up," Wainwright said. Microsoft's top lawyer is laying some of the blame at the feet of the U.S. government. Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online. It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. 
So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press. Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock over the weekend to monitor the situation and install the software patch. "Right now, just about every IT department has been working all weekend rolling this out," said Dan Wire, spokesman at FireEye Security. Microsoft distributed the patch two months ago, which could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage. Watt reported from Beijing. AP researcher Yu Bing and news assistant Liu Zheng in Beijing, John Leicester in Paris, Youkyung Lee in Seoul and Kelvin Chan in Hong Kong contributed to this report.
