More disruptions feared from cyber attack; Microsoft slams govt secrecy

WASHINGTON/FRANKFURT, (Reuters) – Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft yesterday pinned blame on the U.S. government for not disclosing more software vulnerabilities.

Cyber security experts said the spread of the worm dubbed WannaCry – “ransomware” that locked up more than 200,000 computers in more than 150 countries – had slowed but that the respite might only be brief amid fears it could cause new havoc today when employees return to work.

New versions of the worm are expected, they said, and the extent – and economic cost – of the damage from Friday’s attack were unclear.

In a blog post late yesterday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

The NSA and White House did not immediately respond to requests for comment about the Microsoft statement.

U.S. President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to convene an “emergency meeting” to assess the threat posed by the global attack, a senior administration official told Reuters.

Senior U.S. security officials held another meeting in the White House Situation Room on Saturday, and the FBI and the National Security Agency were working to help mitigate damage and identify the perpetrators of the massive cyber attack, said the official, who spoke on condition of anonymity to discuss internal deliberations.

The investigations into the attack were in the early stages, however, and attribution for cyber attacks is notoriously difficult.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet last month by a hacking group known as the Shadow Brokers.

The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number would grow when people return to work on Monday.

Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

Targets both large and small have been hit.

Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England, hundreds of hospitals and clinics in the British National Health Service, German rail operator Deutsche Bahn and International shipper FedEx Corp

A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

Account addresses hard-coded into the malicious WannaCry software code appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of 1100 GMT (7 a.m. EDT) on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more to regain access to their computers, just one day before the threatened deadline expires.

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm’s spread by registering a web address to which he noticed the malware was trying to connect.

Security experts said his move bought precious time for organizations seeking to block the attacks.

Researchers remained on high alert for new variants that could lead to a fresh wave of infections. Researchers from three security firms dismissed initial reports on Saturday that a new version of WannaCry/WannaCrypt had emerged, saying this was based on a rushed analysis of code data that proved erroneous.

The MalwareTech researcher warned on Twitter on Sunday: “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.”

Comments  

Pope ends Latin American trip with warning about political corruption

LIMA,  (Reuters) – Pope Francis celebrated an open air Mass for more than 1 million people yesterday, ending a trip to Chile and Peru marked by tough talk on political corruption but a backlash over what many see as his insufficient resolve to tackle sexual abuse in the Church.

Guatemala businessman, wanted on graft charges, seeks U.S. asylum

GUATEMALA CITY,  (Reuters) – Former Guatemalan presidential candidate Manuel Baldizon, who is wanted on graft charges, has sought asylum in the United States after he was arrested while trying to enter the country, authorities from both nations said.

With 25,339 murders in 2017, Mexico suffers record homicide tally

MEXICO CITY,  (Reuters) – There were more than 25,000 murders across drug-ravaged Mexico in 2017, the highest annual tally since modern records began, government data showed.

“Billionaire bonanza” driving huge global inequality – Oxfamc

LONDON,  (Thomson Reuters Foundation) – Four out of every five dollars of wealth generated in 2017 ended up in the pockets of the richest one percent, while the poorest half of humanity got nothing, a report published by Oxfam found yesterday.

A proud moment for T&T: President-elect Paula Mae-Weekes

(Trinidad Express) It is official! Retired judge Paula-Mae Weekes is now the President-elect of Trinidad and Tobago.

Your browser is out-of-date!

Update your browser to view this website correctly.

We built stabroeknews.com using new technology. This makes our website faster, more feature rich and easier to use for 95% of our readers.
Unfortunately, your browser does not support some of these technologies. Click the button below and choose a modern browser to receive our intended user experience.

Update my browser now

×