Fort Meade, FL, United States

National Security Agency

www.nsa.gov/

News Article | May 13, 2017
Site: www.bbc.co.uk

A cyber-attack that hit organisations worldwide including the UK's National Health Service was "unprecedented", Europe's police agency says. Europol also warned a "complex international investigation" was required "to identify the culprits". Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday. Payments were demanded for access to be restored. European countries, including Russia, were among the worst hit. Although the spread of the malware - known as WannaCry and variants of that name - appears to have slowed, the threat is not yet over. Europol said its cyber-crime team, EC3, was working closely with affected countries to "mitigate the threat and assist victims". In the UK, a total of 48 National Health trusts were hit by Friday's cyber-attack, of which all but six are now back to normal, according to the Home Secretary Amber Rudd. The attack left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments. Some reports say Russia has seen more infections than any other country. Banks, the state-owned railways and a mobile phone network were hit. Russia's interior ministry said 1,000 of its computers had been infected but the virus was swiftly dealt with and no sensitive data was compromised. In Germany, the federal railway operator said electronic boards had been disrupted; people tweeted photos of a ticket machine. France's carmaker Renault was forced to stop production at a number of sites. Coincidentally, finance ministers from the G7 group of leading industrial countries had been meeting on Friday to discuss the threat of cyber-attacks. They pledged to work more closely on spotting vulnerabilities and assessing security measures. The malware spread quickly on Friday, with medical staff in the UK reportedly seeing computers go down "one by one".
NHS staff shared screenshots of the WannaCry programme, which demanded a payment of $300 (£230) in virtual currency Bitcoin to unlock the files for each computer. The infections seem to be deployed via a worm - a program that spreads by itself between computers. Most other malicious programs rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code. By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. It is not clear who is behind the attack, but the tools used to carry it out are believed to have been developed by the US National Security Agency (NSA) to exploit a weakness found in Microsoft's Windows system. This exploit - known as EternalBlue - was stolen by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a "protest" about US President Donald Trump. A patch for the vulnerability was released by Microsoft in March, which would have automatically protected those computers with Windows Update enabled. Microsoft said on Friday it would roll out the update to users of older operating systems "that no longer receive mainstream support", such as Windows XP (which the NHS still largely uses), Windows 8 and Windows Server 2003. The number of infections seems to be slowing after a "kill switch" appears to have been accidentally triggered by a UK-based cyber-security researcher tweeting as @MalwareTechBlog. But in a BBC interview, he warned that it was only a temporary fix. "It is very important that people patch their systems now because there will be another one coming and it will not be stoppable by us," he said. The security researcher known online as MalwareTech was analysing the code behind the malware on Friday night when he made his discovery. He first noticed that the malware was trying to contact an unusual web address but this address was not connected to a website, because nobody had registered it.
So, every time the malware tried to contact the mysterious website, it failed - and then set about doing its damage. MalwareTech decided to spend £8.50 ($11) and claim the web address. By owning the web address, he could also access analytical data. But he later realised that registering the web address had also stopped the malware trying to spread itself. "It was actually partly accidental," he told the BBC.


News Article | May 13, 2017
Site: phys.org

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. "Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," @MalwareTechBlog told AFP in a private message on Twitter. The researcher warned however that people "need to update their systems ASAP" to avoid attack. "The crisis isn't over, they can always change the code and try again," @MalwareTechBlog said. Friday's wave of cyberattacks, which affected dozens of countries, apparently exploited a flaw exposed in documents leaked from the US National Security Agency. The attacks used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. Affected by the onslaught were computer networks at hospitals in Britain, Russia's interior ministry, the Spanish telecom giant Telefonica and the US delivery firm FedEx and many other organisations. French carmaker Renault also announced it was attacked. A spokeswoman said the company was "doing what is needed to counter this attack." "I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental," @MalwareTechBlog tweeted. Unfortunately however, computers already affected will not be helped by the solution. "So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again." The malware's name is WCry, but analysts were also using variants such as WannaCry. Forcepoint Security Labs said in a Friday statement that the attack had "global scope" and was affecting networks in Australia, Belgium, France, Germany, Italy and Mexico. In the United States, FedEx acknowledged it had been hit by malware and was "implementing remediation steps as quickly as possible." 
Also badly hit was Britain's National Health Service, which declared a "major incident" after the attack, which forced some hospitals to divert ambulances and scrap operations. Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: "Ooops, your files have been encrypted!" It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message. A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, according to Kaspersky Lab, a Russian cybersecurity provider. Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries as of Friday evening.


News Article | May 12, 2017
Site: www.latimes.com

Cybersecurity researchers said a malicious program that disabled computers at Britain's National Health Service, Russia's Interior Ministry and companies and homes across dozens of countries Friday originated with the National Security Agency. Earlier this year, a hacking group calling itself Shadow Brokers published online what it described as stolen NSA documents. They were filled with information that hacking experts said could be used to secretly take over and pluck data from laptops, smartphones and even smart TVs. Friday’s attack appeared to target computers running Microsoft Windows and took advantage of a flaw in the operating system. Microsoft released a patch for the bug in March, but users who didn’t update their systems remained susceptible to having their files locked up until they made a ransom payment to attackers. To cybersecurity experts, Friday’s incident showed exactly why technology companies such as Microsoft, Google and Apple are so defensive about the idea of backdoors into their services and devices. Law enforcement agencies may want a way into highly secure gadgets and apps to further their investigations — such as when the FBI pressed Apple last year to hack into the iPhone used by a gunman in the San Bernardino terror attack. But the companies have repeatedly pointed out that there’s no safe way to build an entry point just for trusted government organizations. Though the NSA hasn’t confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands. “It goes back to the mafia expression,” said John Bambenek, threat research manager at Fidelis Cybersecurity. “The only way to keep a secret is for three people to know it and two of them to be dead.” Bambenek and other researchers have called for the U.S. government to be more forthcoming with its hacking methods. Government agencies, they acknowledge, need to be able to engage in online espionage and warfare. 
But when flaws the agencies discover pose a threat to the nation’s businesses and consumers, they should be forced to help secure systems. “Intelligence agencies like hoarding secrets,” Bambenek said. “But at some point, their mission isn’t hoarding secrets. It’s protecting national security. You’re rarely the first person to find [a flaw to exploit] and you’re not going to be the only one to know about it very long.” Microsoft issued a fix for the vulnerability that hackers capitalized upon Friday before the Shadow Brokers leak occurred, which experts have speculated suggests the NSA may have tipped the company off about the impending leak. But that sort of disclosure remains rare and too narrow, Bambenek said. "There’s a broad community beyond the software company [with the flaw] that could help protect” consumers, he said. “There was no disclosure made to us.” In addition to homes and government agencies, Friday’s attack hit companies including delivery giant Fedex and Spain’s biggest telecom firm, Telefonica. Researchers believe computers were infected after users opened a link in a phishing email. Bambenek said a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible. As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack, said Sean Dillon, senior security analyst at security software start-up RiskSense. Even if not all of them were hit Friday, many could fall victim in the coming days to similar attacks. The supposed NSA leaks included four other infection methods. “This obviously was a well-planned and well-coordinated attack,” Dillon said. 
“This probably is just the beginning.” Nobody has claimed responsibility for carrying out the attack. 5:50 p.m.: This article was updated to add comments from John Bambenek and Sean Dillon. 3:35 p.m.: This article was updated with examples of companies hit by the attack. This article was originally published at 3:10 p.m.


News Article | May 13, 2017
Site: www.techtimes.com

A massive ransomware attack targeted around 100 countries around the world. Perhaps one of the most affected is Britain's National Health Service (NHS), where many hospitals struggled to keep up without their computers. Friday, May 12, saw a cyberattack of global proportions when ransomware popped up on computers across the globe. Multiple companies, organizations, and hospitals were unprepared to receive a message with a timer, stating that their files would be lost if they failed to pay before the clock ran out. The ransomware is said to be taken from a program developed by the U.S. National Security Agency. The hardest hit in Friday's attack were UK hospitals that had to revert to using pens, paper, and the staff's own mobile phones to tend to their patients. Hospitals in the UK started having problems with their computers early in the afternoon, when staff started getting notices to unplug network cables and phones and were told of the possibility of having all their data wiped out unless they paid $300 to $600 in bitcoins. Because of the cyberattack, citizens were advised to avoid going to local hospitals except for emergencies, as even ambulance schedules were in disarray, and hospital schedules were in chaos. The NHS released statements regarding the incident, confirming multiple reports of the attack and stating that the NHS was not specifically targeted but was targeted along with other companies. Further, they state that they do not have evidence that patient data was affected in the attack. In another statement that was more direct, NHS Incident Director Dr. Anne Rainsberry reassured patients that in cases of emergency, hospital staff will still be able to provide their services normally and that hospital staff will be ready to provide for their needs. "More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing," said Dr. Rainsberry in the statement.
Reports are now surfacing that perhaps the attack could have been prevented, at least in the NHS, if only they had installed updates to their security system. As it turns out, the NHS currently uses outdated Windows XP and failed to upgrade to a newer version or even install the Microsoft-released patches that could have prevented the attack or at least lessened its effect. Instead, skipping the simple update that could have prevented the attack left them vulnerable to security breaches. Just before 2016 ended, the FDA set new guidelines for cybersecurity when it comes to medical devices. The guidelines focused on working with hospitals and medical manufacturers to ensure the safety and security of their patients' data. Even before this latest cyberattack, hospitals have been victimized by hackers in the past. Such is the case with a hospital in California, where they had to pay hackers $17,000 just to gain access to their own records. No group has yet claimed responsibility for the attack, but the widespread nature of this proves just how vulnerable computer systems can be, that not even hospital records are safe.


Patent
University of Maryland University College and National Security Agency | Date: 2016-07-20

Physical superconducting qubits are controlled according to an encoded qubit scheme, where a pair of physical superconducting qubits constitute an encoded qubit that can be controlled without the use of a microwave signal. For example, a quantum computing system has at least one encoded qubit and a controller. Each encoded qubit has a pair of physical superconducting qubits capable of being selectively coupled together. Each physical qubit has a respective tunable frequency. The controller controls a state of each of the pair of physical qubits to perform a quantum computation without using microwave control signals. Rather, the controller uses DC-based voltage or flux pulses.


News Article | May 13, 2017
Site: hosted2.ap.org

(AP) — Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained. The extortion attack, which locked up computers and held users' files for ransom, is believed to be the biggest of its kind ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits." The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet. Before Friday's attack, Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations that paid extra for extended technical support. Microsoft says now it will make the fixes free for everyone. It was not yet known who perpetrated Friday's attacks. Two security firms — Kaspersky Lab and Avast — said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russia the hardest. In Britain, the National Cyber Security Center said it is "working round the clock" with experts to restore vital health services. 
British Home Secretary Amber Rudd — who was chairing a government emergency security meeting Saturday in response to the attack — said 45 public health organizations were hit, though she stressed that no patient data had been stolen. The attack froze computers at hospitals across the country, with some canceling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled. Security officials in Britain urged organizations to protect themselves from ransomware by updating their security software fixes, running anti-virus software and backing up data elsewhere. The Russian Interior Ministry, which runs the country's police, confirmed it was among those that fell victim to the ransomware, which typically flashes a message demanding a payment to release the user's own data. Ministry spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been "localized" and that no information was compromised. But the ministry's website still carried a banner on Saturday afternoon saying that technical work was continuing. A spokesman for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyberattacks on his ministry were "effectively repelled." "When we say that the health ministry was attacked you should understand that it wasn't the main server, it was local computers ... actually nothing serious or deadly happened yet," German Klimenko, a presidential adviser, said on Russian state television. Russian cellular phone operators Megafon and MTS said some of their computers were hit and the Russian national railway system said although it was attacked, rail operations were unaffected. Russia's central bank said Saturday that it had seen no incidents "compromising the data resources" of Russian banks, state news agency Tass reported.
French carmaker Renault's assembly plant in Slovenia halted production after it was targeted in the global cyberattack. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading — and was working with the central office in France to resolve the problem. Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001. Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents. The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA. Shortly after that disclosure, Microsoft announced that it had already issued software "patches," or fixes, for those holes — but many users haven't yet installed the fixes or are using older versions of Windows. In the U.S., FedEx Corp. reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware. Elsewhere in Europe, the attack hit companies including Spain's Telefonica, a global broadband and telecommunications company. Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to help customers, and recommended that they check its website or app for information on their connections. 
Other European organizations hit by the massive cyberattack included soccer clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down.


News Article | May 13, 2017
Site: phys.org

The extortion attack, which locked up computers and held users' files for ransom, is believed to be the biggest of its kind ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits." The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet. It was not yet known who perpetrated Friday's attacks. Two security firms—Kaspersky Lab and Avast—said they had identified the malicious software behind the attack in over 70 countries, although both said the attack had hit Russia the hardest. The Russian Interior Ministry, which runs the country's police, confirmed it was among those that fell victim to the ransomware, which typically flashes a message demanding a payment to release the user's own data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been "localized" and that no information was compromised. A spokesman for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyberattacks on his ministry were "effectively repelled." Russia's central bank said Saturday it had seen no incidents "compromising the data resources of bank institutions," state news agency Tass reported. The national railway system said although it was attacked, rail operations were unaffected. French carmaker Renault's assembly plant in Slovenia halted production after it was targeted in the global cyberattack. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working on Friday evening to stop the malware from spreading. 
The radio said the factory is working with the central office in France to resolve the problem. In Britain, the National Cyber Security Center says it is "working round the clock" with experts to restore vital health services. British Home Secretary Amber Rudd—who was chairing a government emergency security meeting Saturday in response to the attack—said 45 public health organizations were hit, though she stressed that no patient data had been stolen. The attack froze computers at hospitals across the country, with some canceling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were canceled. British media had reported last year that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates. Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001. Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents. The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering. Shortly after that disclosure, Microsoft announced that it had already issued software "patches," or fixes, for those holes—but many users haven't yet installed the fixes or are using older versions of Windows. In the U.S., FedEx Corp. reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware. 
Elsewhere in Europe, the attack hit companies including Spain's Telefonica, a global broadband and telecommunications company. Germany's national railway said Saturday that departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections. Other European organizations hit by the massive cyberattack included soccer clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down. Security officials in Britain urged organizations to protect themselves from ransomware by updating their security software fixes, running anti-virus software and backing up data elsewhere.


News Article | May 13, 2017
Site: hosted2.ap.org

The Latest: Expert: This attack minor compared to next one (AP) — The Latest on the global cyberattack (all times local): A cybersecurity expert says the biggest cyberextortion attack in history is going to be dwarfed by the next big ransomware attack. Ori Eisen of the firm Trusona says the attack Friday that held hospitals, factories and government agencies hostage around the world appears to be "low-level" stuff, given the ransom demands. But he says the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems. Eisen says "this is child's play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?" Eisen says the internet itself is diseased and these attacks will continue until some serious restructuring is done. He says "today, it happened to 10,000 computers ... there's no barrier to do it tomorrow to 100 million computers." A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware cyberattack by accidentally activating a so-called "kill switch" in the malicious software. The Guardian newspaper reported Saturday that the 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software's spread could be stopped by registering a garbled domain name. The paper quoted the researcher as saying: "This is not over. The attackers will realize how we stopped it, they'll change the code and then they'll start again." He urged Windows users to update their systems and reboot. The worldwide cyberextortion attack has been called "unprecedented" by Europol, which is investigating who is behind it. The worldwide cyberextortion attack has prompted Microsoft to take the unusual step of making security fixes available for older Windows systems.
Before this, Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations that pay extra for extended support. But millions of individuals and smaller businesses still had such systems. Microsoft says now it will make the fixes free for everyone. Friday's attack was based on a Windows vulnerability that was purportedly identified by the U.S. National Security Agency and was later leaked to the internet. Microsoft released fixes for the vulnerability in March, but computers that didn't run the update were subject to the ransom attack. Once inside an organization's network, the malware behind the attack spread rapidly using this vulnerability. Radio Slovenia says French carmaker Renault's assembly plant in Slovenia has halted production after it was targeted in the global cyberattack. The radio report says the Revoz factory in the southeastern town of Novo Mesto stopped working on Friday evening to stop the malware from spreading. Renault representative Nevenka Basek Zildzovic confirmed that "some troubles occurred with some parts of IT system at Revoz." She says production was suspended during the night, and added that "production remains halted today too." The head of Slovenia's cyber emergency team, Gorazd Bozic, says seven individuals have also been targeted but no state institutions. Union members at French carmaker Renault say the global cyberattack has forced it to halt production at sites in France in an effort to stop the malware from spreading. The two unionists spoke on condition of anonymity because of the sensitiveness of the issue. They say the Renault factory at Sandouville, in northwestern France, was one of the sites affected. The consequences for the company remained unclear. Renault officials were not immediately available for comment.
The European Union's police agency, Europol, says it is working with countries hit by the global ransomware cyberattack to rein in the threat and help victims. In a statement Saturday, Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex international investigation to identify the culprits." EC3 says its Joint Cybercrime Action Taskforce, made up of experts in high-tech crime, "is specially designed to assist in such investigations and will play an important role in supporting the investigation." The attack, which locked up computers and held users' files for ransom, was believed the biggest of its kind ever recorded. Germany's national railway says that it was among the organizations affected by the global cyberattack but there was no impact on train services. Deutsche Bahn says that departure and arrival display screens at its stations were hit Friday night by the attack. The company said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections. The railway said that there was no impact on actual train services. The head of Turkey's Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country's cyber security center is continuing operations against the malicious software. The Computer Emergency Response Team of Turkey tweeted that the "wannacry ransomware" is spread over Server Message Block flaws. The team asked users to update antivirus applications and not open suspicious phishing emails. The effects of the attack on Turkey are unclear. Citing a written statement by BTK, Turkey's official Anadolu news agency said the cyberattack affected 74 countries, "including Turkey in a small way." 
Britain's National Cyber Security Center says teams are working "round the clock" to restore hospital computer systems after a global cyberattack that hit dozens of countries forced British hospitals to cancel and delay treatment for patients. The attack, which locked up computers and held users' files for ransom, was believed the biggest of its kind ever recorded. Several cybersecurity firms said they had identified the malicious software behind the attack, which has apparently hit Russia the hardest. British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen. Germany's national railway says departure and arrival display screens at its stations were affected Friday night, but there was no impact on train services.


News Article | May 13, 2017
Site: hosted2.ap.org

(AP) — A global "ransomware" cyberattack, unprecedented in scale, had technicians scrambling to restore Britain's crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations. The worldwide effort to extort cash from computer users is so unprecedented that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses. After an emergency government meeting Saturday in London, Britain's home secretary said one in five of 248 National Health Service groups had been hit. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious ailments like cancer. Home Secretary Amber Rudd said 48 NHS trusts were affected and all but six were now back to normal. The U.K.'s National Cyber Security Center said it is "working round the clock" to restore vital health services. Security officials in Britain urged organizations to protect themselves by updating their security software fixes, running anti-virus software and backing up data elsewhere. Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest. "This is obviously by far the worst ransomware outbreak we've seen in, I think, forever," said Lawrence Abrams, a New York-based malware expert who runs BleepingComputer.com. And all this may be just a taste of what's coming, a leading cyber security expert warned. Computer users worldwide — and everyone else who depends on them — should assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona, told The Associated Press.
The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be "low-level" stuff, Eisen said Saturday, given the amount of ransom demanded — $300 at first, rising to $600 before it destroys files hours later. He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems. "This is child's play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?" he asked. "Today, it happened to 10,000 computers," Eisen said. "There's no barrier to do it tomorrow to 100 million computers." This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India. Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex international investigation to identify the culprits." The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on the internet. A young cybersecurity researcher has been credited with helping to halt the ransomware's spread by accidentally activating a so-called "kill switch" in the malicious software. The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday how he inadvertently discovered Friday that the software's spread could be stopped by registering a garbled domain name. His $11 purchase of the name may have saved governments and companies around the world millions, slowing its spread before U.S.-based computers were more widely infected. 
In the U.S., FedEx Corp. reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent on Saturday. The kill switch couldn't help those already infected, however. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them. Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly as employees share documents. The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious group that published what it said are hacking tools used by the NSA. Microsoft swiftly announced that it had already issued software "patches" to fix those holes, but many users haven't yet installed updates or still use older versions of Windows. Before Friday's attack, Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations that paid extra for extended technical support. Microsoft says now it will make the fixes free for everyone. Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals still use Windows XP software, introduced in 2001. In Brazil, the social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too. In Russia, government agencies insisted that all attacks had been resolved. The Russian Interior Ministry, which runs the national police, said the problem had been "localized" with no information compromised.
Russia's health ministry said its attacks were "effectively repelled." "When we say that the health ministry was attacked, you should understand that it wasn't the main server, it was local computers ... actually nothing serious or deadly happened yet," German Klimenko, a presidential adviser, said on Russian state television. Russian cellular phone operators Megafon and MTS were hit. The national railway said it was attacked but operations were unaffected. Russia's central bank said Saturday that no incidents were "compromising the data resources" of Russian banks. Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers. French carmaker Renault's assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading. Elsewhere in Europe, the attack hit Spain's Telefonica, a global broadband and telecommunications company, and knocked ticketing offline for Norway's IF Odd, a 132-year-old soccer club. Heintz reported from Moscow and Breed from Raleigh, N.C.


Grant
Agency: NSF | Branch: Interagency Agreement | Program: | Phase: FED CYBER SERV: SCHLAR FOR SER | Award Amount: 2.50M | Year: 2016

None
