Seven hospitals affected by cyber attack still in need of support

Share

"It's a big priority of mine that we protect the financial infrastructure", he said.

The relatively new group now has the unenviable task of cleaning up the NSA's mess, and protecting systems in the USA from further attacks.

A security guard stands outside the Telefonica headquarters in Madrid, Spain, Friday, May 12, 2017.

In the US, the Computer Emergency Readiness Team, or CERT, says it has "received multiple reports of ransomware infections in several countries around the world". Dozens of countries were hit with a huge cyberextortion.

By SYLVIA HUI, ALLEN G.

LONDON (AP) - Employees booting up computers at work Monday could see red as they discover they're victims of a global "ransomware" cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. On top of that, copycat versions of the malicious software have already started to spread.

Experts advise users not to pay, as it would only encourage the attackers.

The researcher, tweeting as @MalwareTechBlog, said registering a domain name used by the malware stops it from spreading, though it can not help computers already affected.

Computers around the globe were hacked beginning on Friday using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the USA giant.

The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency - and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment - $300 at first, rising to $600 before it destroys files hours later.

Microsoft had "patched", or fixed it, in updates of recent versions of Windows since March, but many users did not apply the software fix. Normally, such patches are reserved for organizations willing to pay for extended support.

It was a jarring reminder of a stubborn reality facing security experts: Companies and other organizations collectively spent $73 billion on cybersecurity measures in 2016, according to the research firm IDC.

The identity of the Shadow Brokers is not known, though many security researchers say they believe they are in Russian Federation, which is a major source of ransomware and was one of the countries hit first and hardest by WannaCry.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Mrs Bibby, who lives in Thornton, Lancashire, said: 'I've been trying to get an appointment since Friday but I keep being told to call back. But computers and networks that hadn't updated their systems were still at risk.

A United Kingdom security researcher has told the BBC how he "accidentally" halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK's NHS. That cheap move redirected the attacks to MalwareTech's server, which operates as a "sinkhole" to keep malware from escaping.

That quick thinking may have saved governments and companies millions of dollars and slowed the outbreak before USA -based computers were more widely infected.

He also warned hackers could upgrade the virus to remove the "kill switch" that helped to stop it.

Once inside an organization, WannaCry uses a Windows vulnerability purportedly identified by the NSA and later leaked to the internet.

Dr Helen Mackie, chief of medical services at the hospital, urged patients to take their medication with them, warning doctors could have problems accessing their records. But some experts have argued this attack could have been vastly mitigated if the NSA told Microsoft sooner.

Share