"Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

Tyler Durden's picture

The ransomware has been identifed as WannaCry

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware," and "the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain version of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.

 

Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.

 

As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Update 3: Microsoft  has issued a statement, confirming the status the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

 

In March, we provided a security update which provides additional protections against this potential attack.

 

Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update 2: Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Seventy-four countries around the globe have been affected, with the number of victims still growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected worldwide, the company said, adding that it "quickly escalated into a massive spreading."

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."
 

*  *  *

Update 1: In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as “eternal blue”, developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

As Sam Coates summed up...

*  *  *

We earlier reported in the disturbing fact that hospitals across the United Kingdom had gone dark due to a massive cyber-attack...

Hospitals across the UK have been hit by what appears to be a major, nationwide cyber-attack, resulting in the loss of phonelines and computers, with many hospitals going "dark" and some diverting all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled, the BBC reports.

 

The UK National Health Service said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.” It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected and are reporting IT failures, in some cases meaning there is no way of operating phones or computers.

 

At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack.

 

NHS England says it is aware of the issue and is looking into it.

UK Prime Minister Theresa May confirms today's massive cyber hit on NHS is part of wider international attack and there is no evidence patient data has been compromised.

The situation has got significantly worse as The BBC reports the ransomware attack has gone global.

 

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

It is not yet clear whether the attacks are all connected. One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.

"This is huge," he said.

There have been reports of infections in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan and others.

The BBB details a number of Spanish firms were among the apparent victims elsewhere in Europe.

Telecoms giant Telefonica said in a statement that it was aware of a "cybersecurity incident" but that clients and services had not been affected.

 

Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.

 

There were reports that staff at the firms were told to turn off their computers.

In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

Bitcoin wallets seemingly associated with the ransomware were reported to have already started filling up with cash.

"This is a major cyber attack, impacting organisations across Europe at a scale I've never seen before," said security architect Kevin Beaumont.

According to security firm Check Point, the version of the ransomware that appeared today is a new variant.

"Even so, it's spreading fast," said Aatish Pattni, head of threat prevention for northern Europe.

Several experts monitoring the situation have linked the attacks to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Snaffew's picture

just keep the wording to your posts in code, and they won't even know what we are thinking.

logicalman's picture

Fundamental privacy rules???

In your dreams.

JohninMK's picture

Just released for the oldtimers out there.

Microsoft is releasing a MS17-010 update especially for WinXP and out of support version of Windows!

Snaffew's picture

you just know that the main news sources will be pumping this story all weekend long...come monday, the software security companies will all have a nice pop imo.  CHKP,FEYE, etc.

Eddielaidler's picture

Sheeple hear nothing but Trump goop 24/7.

Sid Davis's picture

I wonder what product liability lawyers would say about Microsoft deliberately leaving a back door opened into the Windows operating system. Sounds like some lawyer will be running an ad on TV for those wanting to join a class action lawsuit.

Bill Gates in my opinion has always been a leftist scumbag.

Dr. Acula's picture

I wonder about this too:

http://www.techrepublic.com/article/is-the-intel-management-engine-a-bac...

"Various sources report that Intel's latest x86 chips contain a secret backdoor"

 

stormsailor's picture

i always thought intel putted from the rough

. . . _ _ _ . . .'s picture

Actually, this has been known for some time. Bill Gates likened it to a TV dinner with some of the compartments left empty, for future use.

PrometeyBezkrilov's picture

"used tools stolen from the US National Security Agency......"

Somehow I doubt theat they were "stolen".

wisehiney's picture

Now that they cannot surf and fuck around on the internet, maybe some of those hospital employees will try to clean the place for a change.

stant's picture

Planes start calling out of the sky it be all over. Long analog systems

Robert Trip's picture

Long on carrier pigeons, combustible paper and invisible ink.

The internet as an information highway is dead .

Good geeks versus bad geeks and this is the result.

Chaos.

HoserF16's picture

CIA, NSA and Mossad, are working overtime....

 

alfaafla's picture

Old news. 

Encountered this 3 years ago. Was around 500 USD of bitcoin then. 

 

moorewasthebestbond's picture

Somebody has some 'splainin' to do.

 

How exactly did these ELECTRONIC MUNITIONS fall into unfriendly hands?

Insurrexion's picture

The cyber-attacks will continue until the capitulation phase.

silverserfer's picture

Payment in  bicoin only!   LOL

allgoodmen's picture

I need to pay the ransom, but the ransomware encrypted my Bitcoin wallet

Robert Trip's picture

Their geeks... 1

Our geeks... 0

Stan522's picture

It probably is our geeks.....

fattail's picture

So the recent ramp in the value of bitcoin was just the smart money front running the sudden demand from the NSA's ransomware?

s2man's picture

No problem.  Just restore your file from backups.

Oooh.  You didn't back up your files?  It must suck to be you.

JethroBodien's picture

Network admins around the globe going to be burning the midnight oil on this one.  Cost of this likely to run into the billions.

Truly Inspiration's picture

So is it the test for the upcoming financial collapse? Just imagine that suddenly all banks get infected by such a virus. Allows them to blame the financial crash to hackers - lol

WillyGroper's picture

i was thinking it's a diversion for the banking system going...poof.

gonna happen on a friday.

falak pema's picture

The West has now become the hub of the NEW BARBARIANS...

Think about that...

The Silk road tries to put China back on track using the lessons of the West, whereas the US is now bent on destroying its past legacy of Jeffersonian idealism; the inceptional dream of pursuit of... in order to ensure that the US cabal fucks up the world.

Some about turn since Lafayette and Washington formed the liberal alliance based on Enlightenment.

The Duck is the rancid extraction of the US's fall into the sons of imperial dictat of the house of Atreus based on "for us or against us" mantra that knows no historical RULES nor ethics.

Post Columbian about turn, of magnitude that will make 1453 fall of Constantinople look like a resurgent nightmare.

Asian pivot! 

Incorporated by inference's picture

Doesn't it just break your heart. The carnage. Indeed

Galieo's picture

Now our law will get off it's ass and take this serious.  Once they do catch someone doing this, they will be drug down the street.

Snaffew's picture

they are going to drag our own government agencies down the street?  That'll be the day!

cherry picker's picture

Sue the NSA, CIA.  This will finally put them out of business.

VWAndy's picture

 Its a good thing they cant hack our cars or anything important.

  How does that saying go? If you got nothing then you dont have anything to worry about.

chosen's picture

If you got nothing, you got nothing to lose.

Joebloinvestor's picture

Shit gets out of the lab at the CDC to.

DarthNecr0sis's picture

Ooooh! My inner Tyler is giggling like a little school girl!

Joebloinvestor's picture

Shit gets out of the lab at the CDC and Dugway to.

ExYank's picture

This is great news for me. I work in this arena. Outside of the US. Going to be a profitable week!

Benito_Camela's picture

Now watch the shyster (((central banks))) use their leverage with the various LEAs in the US and EU to crack down on bitcoin like it's nobody's business. 

chosen's picture

"Researchers say it is spreading through a Microsoft (MSFT, Tech30) Windows exploit called "EternalBlue," which Microsoft released a patch for in March."

If imbeciles are not going to use Windows Update, then they should expect to be attacked.  I read yesterday about another serious vulnerability, and downloaded the patch yesterday.  Stay awake.

 

Berspankme's picture

"but you have not so enough time" is definitely a chinese/chinglish expression. Heard it many times when I lived there

Boxed Merlot's picture

...definitely a chinese/chinglish expression....

So, what you're saying is it's the CIA? I mean, they're the ones that have the ability to assign whatever they want to who(m)ever "they" want. Right?

Yeah, thought so.

jmo.

Montana Cowboy's picture

If the neighbor kid burglarizes our home and commits crimes with our gun that he stole, we get in trouble under a variety of laws which vary from state to state. So why isn't the NSA civilly and criminally liable for all this? If they develop this weapon, they are responsible to keep it locked up and secured. You can smell it coming already. Some lowly clerk at the NSA is going to be the fall guy.

samsara's picture

I don't think you can bring suit against them

Christophe2's picture

Well, even if you can bring the suit, you can't win it 'coz the NSA is protecting us against the Russians and can't (bother) explaining any more, since doing so might tip off the Ruskies!

Congress will surely find that this incident was due to lack of funds at the NSA, which they will fix in the next budget.  Successful lawsuits form sheeple?  I don't think so.

Silver Savior's picture

*Yawn* I would just buy a new computer. You can get them very cheap anywhere. Just back up some info on the back of an envelope and it's all good. lol. Let the obsolete computer fry who cares. lol. 

Back in the day when I lugged around a laptop it got the blue screen of death one day and I just got a new one. 

mc888's picture

That's what they do in the corporate world. If someone is dumb enough (and there's always somebody - usually in upper management) to infect the whole LAN, they just chuck 'em and get new ones.

All they really need to do is swap out the hard disk for a new one with a fresh image on it. But it's faster to just roll up a cart full of shiny new PC's and pass 'em out to the users.