May 13, 2017 09:23 AM IST | Source: PTI moneycontrol
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
A global cyberattack
leveraging hacking tools widely believed by researchers to have been developed
by the US National Security Agency hit international shipper FedEx, disrupted
Britain's health system and infected computers in nearly 100 countries on Friday.
The ransomware
encrypted data on the computers, demanding payments of $300 to $600 to restore
access. Security researchers said they observed some victims paying via the
digital currency bitcoin, though they did not know what percent had given in to
the extortionists.
Researchers with
security software maker Avast said they had observed 57,000 infections in 99
countries with Russia, Ukraine and Taiwan the top targets.
The most disruptive
attacks were reported in Britain, where hospitals and clinics were forced to
turn away patients after losing access to computers.
International shipper
FedEx Corp (FDX.N) said some of
its Windows computers were also infected. "We are implementing remediation
steps as quickly as possible," it said in a statement.
Still, only a small
number of U.S.-headquartered organizations were hit because the hackers appear
to have begun the campaign by targeting organizations in Europe, said Vikram
Thakur, research manager with security software maker Symantec.
By the time they
turned their attention to the United States, spam filters had identified the
new threat and flagged the ransomware-laden emails as malicious, Thakur said.
The U.S. Department of
Homeland Security said late on Friday that it was aware of reports of the
ransomware, was sharing information with domestic and foreign partners and was
ready to lend technical support.
Telecommunications
company Telefonica (TEF.MC) was among
many targets in Spain, though it said the attack was limited to some computers
on an internal network and had not affected clients or services. Portugal
Telecom and Telefonica Argentina both said they were also targeted.
Private security firms
identified the ransomware as a new variant of "WannaCry" that had the
ability to automatically spread across large networks by exploiting a known bug
in Microsoft's Windows operating system.
"Once it gets in
and starts moving across the infrastructure, there is no way to stop it,"
said Adam Meyers, a researcher with cyber security firm CrowdStrike.
The hackers, who have
not come forward to claim responsibility or otherwise been identified, likely
made it a "worm," or self-spreading malware, by exploiting a piece of
NSA code known as "Eternal Blue" that was released last month by a
group known as the Shadow Brokers, researchers with several private cyber
security firms said.
"This is one of
the largest global ransomware attacks the cyber community has ever seen,"
said Rich Barger, director of threat research with Splunk, one of the firms
that linked WannaCry to the NSA.
The Shadow Brokers
released Eternal Blue as part of a trove of hacking tools that they said
belonged to the U.S. spy agency.
Microsoft on Friday
said it was pushing out automatic Windows updates to defend clients from
WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.
"Today our engineers added detection and protection
against new malicious software known as Ransom:Win32.WannaCrypt,"
Microsoft said in a statement. It said the company was working
with its customers to provide additional assistance.