'Accidental hero' halts ransomware attack, warns threat is not over

Remigio Civitarese
May 17, 2017

MalwareTech is part of a large global cybersecurity community, working independently or for security companies, who are constantly watching for attacks and working together to stop or prevent them, often sharing information via Twitter.

Investigators say a group of hackers used software that locks down all computer files.

In Russia, government agencies insisted that all attacks had been resolved. It's fairly common for members to use aliases for privacy or to protect themselves from retaliatory attacks.

Microsoft Corp. President Brad Smith, in a blog post Sunday, said the attack is a "wake-up call" for governments in the USA and elsewhere to stop stockpiling tools to exploit digital vulnerabilities.

Of course, the developers behind WannaCry could also easily rewrite their malware to continue targeting Windows PCs with the SMB flaw.

"It really would not be so hard for the actors behind this to re-release their code without a kill switch or with a better kill switch", Huss said. Britain canceled or delayed treatments for thousands of patients, even people with cancer. Home Secretary Amber Rudd said all but six of the NHS trusts were back to normal Saturday.

That quick thinking may have saved governments and companies millions of dollars and slowed the outbreak before USA-based computers were more widely infected.

"It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks", the UK's National Cyber Security Centre said in a statement.

By latest count, the attack affected 99 countries through more than 75,000 individual incidents.

"Personally, I really feel like I didn't play a huge role in everything", said Darien Huss, of the cyber-security company Proofpoint, when asked by reporters about his role in stopping a global cyber attack.

Europol, the European Union's police agency, said the onslaught was at "an unprecedented level and will require a complex worldwide investigation to identify the culprits". But he said he's anxious the authors of the malware could release a new and improved version without a kill switch, or that copycats could unleash similar attacks. Security firm Avast says the main targets of the ransomware appear to be in Russia, Ukraine and Taiwan, but notes that the ransomware includes localized translations in 28 different languages - from Bulgarian to Vietnamese.

A spokesman for the Russian Health Ministry, Nikita Odintsov, tweeted that the cyberattacks on his ministry were "effectively repelled". Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

He also warned hackers could upgrade the virus to remove the "kill switch" that helped to stop it.

Officials and experts Sunday urged organizations and companies to update their operating systems immediately to ensure they are not vulnerable to a second, more powerful version of the software - or to future versions that cannot be stopped.

Cybersecurity experts said the spread of the worm dubbed WannaCry - "ransomware" that locked up more than 200,000 computers in more than 150 countries - had slowed but that the respite might only be brief amid fears it could cause new havoc on Monday when employees return to work. Microsoft swiftly released software "patches" to fix those holes, but many users still haven't installed updates or still use older versions of Windows.
