Massive ransomware attack spreads across the globe

Jos


A new strain of ransomware is wreaking havoc all over the world, with hospitals across England and major companies in several countries reportedly affected. Security experts have identified the ransomware as a new strain of the WannaCry (also known as WanaCrypt0r and WCry) malware, and apparently its reach extends beyond the UK and Spain, into Russia, Taiwan, France, Japan, and more.

The malware leverages a Windows vulnerability known as EternalBlue that leaked last month when a group known as Shadow Brokers posted a bunch of hacking tools that allegedly belonged to the NSA. Microsoft issued a patch for the flaw in March, but apparently many organizations have failed to keep up.

Among the first reported cases are the National Health Service hospitals and facilities around England, which experienced system failures and locked machines showing a ransom message demanding $300 worth of bitcoin. The NHS says no private patient data has been stolen, but some of its hospitals have postponed all non-urgent activity and new patients are being diverted to nearby healthcare facilities.

The malware has also hobbled the large telecom company Telefonica in Spain, as well as the natural gas company Gas Natural, and the electrical company Iberdrola.

Over in the US, FedEx has also confirmed it is experiencing “interference” with some of its Windows-based systems caused by malware. The company is reportedly shutting down its PCs and taking its ESX servers offline while it tries to deal with the ransomware.

"The impact of this global ransomware outbreak using NSA leaked tools demonstrates how susceptible our physical world is, not a country or a region but ALL OF US individually and collectively," Ralph Echemendia, a cyber security specialist known as "The Ethical Hacker," told TechSpot. "This incident is just one of many that will continue to shape the way we evolve. The opposite of Physical is Virtual, but most don’t realize that virtual still means real. This is a very real and substantial attack on trust. Can we trust companies and governments to keep us safe? The answer is no."

It’s still unclear who is behind the attack but we’ll report when more information comes up.

Ransomware image credit: BBC


 
Ok, ok, I get it. The government can't keep any of us safe. But who to contact to keep one secure? Who... You gonna... Call?
 
Ok, ok, I get it. The government can't keep any of us safe. But who to contact to keep one secure? Who... You gonna... Call?

In matters of cyberspace: No one.

In matters of the physical: Well, this thread is about guns now.
 
For all those IT people that don't apply updates in a timely fashion because "they don't help anyone".
Applying updates is one thing. What about making regular backups? Some people just never learn, even after being bitten in the same place a number of times.
I'm sorry it's hospitals being targeted but they look like an easy mark... and it looks like a lot of their "professional IT staff" don't have enough intelligence to spell the word "IT". If they don't regularly apply updates and do backups, what the hell are they doing in the trade in the first place???
 
Have you tried turning it off and on again?

Backups and updates are not going to help you when your staff who have access to the internet do not care or are not given security training. Allowing them to browse any site or download from anywhere is a surefire way to have this happen. You would think people would know by now not to open attachments from people they don't know or if the subject is fishy.

As if I didn't have much faith in humanity already... this just lowers the bar even more.
 
This is a sad state of affairs when it comes to hospitals. The fact they got hit by a mass malware attack and went down raises serious questions regarding data security. They would not stand a chance if it was a targeted attack.
 
BACKUPS BACKUPS BACKUPS. Do I need to name all of the ways this can be done? We've had ransomware issues with a couple of clients, but had no issues completely restoring servers from backups. Sure, in some cases you have downtime, but nowhere near the headaches you do if you aren't keeping up with your backups. With that said, as soon as you test your updates in whatever test environment you have, push them out.
 
This is a sad state of affairs when it comes to hospitals. The fact they got hit by a mass malware attack and went down raises serious questions regarding data security. They would not stand a chance if it was a targeted attack.

I agree. If this was targeted, spare the hospitals. I could not care if FedEx cannot deliver my package or I don't have electricity for a few hours. Just imagine the downtime patients and families have to endure because of a computer problem. Hospitals don't really update their systems unless they encounter a problem.
 
All three hospitals where I live got hit and I bet half their systems are still running XP, I know my local doctor's surgery still is.

I cringe whenever I see stories like this and think of any clients who refuse to spend the money to upgrade their XP or Vista machines. Doctors' offices are difficult because of proprietary software that hasn't been updated to run on newer operating systems, but things need to change.
 
This has just made my weekend...
Been sent to the office to check all our clients' backups are OK in case any of them get it!
 
This malware targets a vulnerability in SMBv1. No need to patch systems, just disable SMBv1 altogether. SMBv2 was introduced starting with Vista so there's no valid excuse to still be using SMBv1. Windows XP or Windows Server 2000(-03) should not be used in any capacity in a networked environment, or at all for that matter. Their security is far too deprecated to say nothing of their compatibility with more modern systems.
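One way to check the SMBv1 setting the comment above refers to, and optionally turn it off, on a local Windows host. This is an added example, not part of the original thread; the function name `Test-Smb1State` and its `-Remediate` switch are hypothetical, and an elevated PowerShell 3.0 or later session is assumed.

```powershell
# Added example: audit (and optionally disable) SMBv1 on the local host.
function Test-Smb1State {
    [CmdletBinding()]
    param([switch]$Remediate)   # hypothetical switch: apply the change, not just report

    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hasSmb = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)
    $result = [ordered]@{ Computer = $env:COMPUTERNAME }

    # 1. SMB server side. Newer systems expose a cmdlet; older ones use a
    #    registry value, where a missing value means SMBv1 is still enabled.
    if ($hasSmb) {
        $result.ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $result.ServerSmb1Enabled = (($null -eq $val) -or ($val -ne 0))
    }

    # 2. Optional Windows feature that carries the SMBv1 components.
    $feature = $null
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
    } catch { }   # feature name unknown on this SKU, or session not elevated
    $result.FeatureState = if ($feature) { [string]$feature.State } else { 'Unknown' }

    # 3. SMBv1 client driver.
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='mrxsmb10'" -ErrorAction SilentlyContinue
    $result.ClientDriverStartMode = if ($drv) { $drv.StartMode } else { 'NotPresent' }

    if ($Remediate) {
        if ($hasSmb) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
        }
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
        $result.RebootRequired = $true   # feature removal and registry change need a restart
    }
    [pscustomobject]$result
}

Test-Smb1State               # report only
# Test-Smb1State -Remediate  # disable SMBv1, then reboot
```

Run the report-only form first: devices or applications that still speak only SMBv1 will lose access to shares once it is disabled.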
 
This malware targets a vulnerability in SMBv1. No need to patch systems, just disable SMBv1 altogether. SMBv2 was introduced starting with Vista so there's no valid excuse to still be using SMBv1. Windows XP or Windows Server 2000(-03) should not be used in any capacity in a networked environment, or at all for that matter. Their security is far too deprecated to say nothing of their compatibility with more modern systems.
The NHS still have a lot of XP machines and probably Server 2003 as well. It's getting political here in the UK. The NHS doesn't have the money to upgrade.
 
All three hospitals where I live got hit and I bet half their systems are still running XP, I know my local doctor's surgery still is.

I cringe whenever I see stories like this and think of any clients who refuse to spend the money to upgrade their XP or Vista machines. Doctors' offices are difficult because of proprietary software that hasn't been updated to run on newer operating systems, but things need to change.
What can we do? It's too good of an operating system.
 
All three hospitals where I live got hit and I bet half their systems are still running XP, I know my local doctor's surgery still is.

I cringe whenever I see stories like this and think of any clients who refuse to spend the money to upgrade their XP or Vista machines. Doctors' offices are difficult because of proprietary software that hasn't been updated to run on newer operating systems, but things need to change.
What can we do? It's too good of an operating system.
Obviously not that good.
 
But for the average person, their files are not that important. If you have a drive image of the system drive and an external drive for individual file backups including the drive images, then you'll laugh at the ransom popup message, and you'll restore your drive in a matter of minutes. However, it's best to have that external drive usually disconnected and to have several system drive backups made over the last few months.
 
This malware targets a vulnerability in SMBv1. No need to patch systems, just disable SMBv1 altogether. SMBv2 was introduced starting with Vista so there's no valid excuse to still be using SMBv1. Windows XP or Windows Server 2000(-03) should not be used in any capacity in a networked environment, or at all for that matter. Their security is far too deprecated to say nothing of their compatibility with more modern systems.
The NHS still have a lot of XP machines and probably Server 2003 as well. It's getting political here in the UK. The NHS doesn't have the money to upgrade.
It seems Microsoft has caved to the bad rep and has actually released a patch for Windows XP and Server 2003: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

In other news, this attack has subsided a bit thanks to a discovered killswitch: https://www.ncsc.gov.uk/blog-post/finding-kill-switch-stop-spread-ransomware-0
 