NEW Major Cyberattack Infects Computers in 99 Countries

Elizabeth Williams
May 14, 2017

The ransomware is known as WannaCry, and many outlets are reporting that it took advantage of a vulnerability in Windows that Microsoft patched earlier this year.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

Tens of thousands of Windows computers were affected including some in Canada.

China's information security watchdog said "a portion" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. The western MI resident said he noticed the authors of the malware had left in a feature known as a kill switch.

A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware attack by accidentally activating a so-called "kill switch" in the malicious software. It's not uncommon for them to use aliases, either to protect themselves from retaliatory attacks or for privacy.

The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday that he spotted a hidden web address in the "WannaCrypt" code and made it official by registering its domain name.

The worldwide cyberextortion attack has been called "unprecedented" by Europol, which is investigating who is behind it. Several cybersecurity firms said they had identified the malicious software behind the attack, which has apparently hit Russian Federation the hardest.

These hackers "have caused enormous amounts of disruption- probably the biggest ransomware cyberattack in history", said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.

Microsoft released fixes for the vulnerability in March, but computers that didn't run the update were subject to the ransom attack.

Friday's attack was based on a Windows vulnerability that was purportedly identified by the U.S. National Security Agency and was later leaked to the internet.

A malware tracking map showed "WannaCry" infections were widespread. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Pope cheered in Fatima to honor children who urged peace
By 1919, two of the children, Jacinta and Francisco, who were canonized today by Pope Francis, had died from influenza. When composing her memoirs in 1941, dos Santos wrote of "three secrets" the children were told by the Virgin Mary.

Amtrak Engineer Charged In Deadly Philadelphia Crash Following Judge's Order
The NTSB investigation found that Bostian was distracted by radio conversations about other trains being hit with projectiles. Criminal charges have been filed against the engineer of the Amtrak train that crashed May 12, 2015 killing eight passengers.

Ravens' John Harbaugh Defends Orioles In Growing Rivalry With Red Sox
So Harbaugh's comments on the heated baseball feud between the Baltimore Orioles and Boston Red Sox won't go over very well. Red Sox: Knuckleballer Steven Wright will have surgery to fix cartilage in his left knee and miss the rest of the season.

French carmaker Renault SA halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan Motor Co.'s United Kingdom auto plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

It turned out that the ransomware code was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful, the malware exits".

Britain's National Health Service says hospitals across the country have been hit by a "ransomware" cyberattack but there is no evidence that patient data has been accessed.

Britain's home secretary says about one in five National Health Service trusts have been hit by the global ransomware cyberattack, and that all but six are now back to normal.

The U.K.'s National Cyber Security Center was "working round the clock" to restore vital health services, while urging people to update security software fixes, run anti-virus software and back up their data elsewhere.

And all this may be just a taste of what's coming, a cyber security expert warned. This attack, according to reports, has so far affected over 99 countries and 100,000 machines.

The attacks used a technique known as ransomware that locks users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. "The recent attack is at an unprecedented level and will require a complex worldwide investigation to identify the culprits", it said in a statement.

"I think these hackers have to recognize that these authorities will come after them with a vengeance", Gazeley said.

But he also said he's concerned the authors of the malware could re-release it - perhaps in the next few days or weeks - without a kill switch or with a better one, or that copycats could mimic the attack.

"I was quickly able to get a sample of the malware with the help of Kafeine, a good friend and fellow researcher". His action couldn't help those already infected, however. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Other reports by VgToday

Discuss This Article