Hack attack a global threat
Unprecedented ‘ransomware’ attack seeks cash for data
LONDON — A global “ransomware” attack, unprecedented in scale, had technicians scrambling to restore Britain’s crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.
The worldwide cyberextortion attack is so unprecedented, in fact, that Microsoft quickly changed its policy, announcing security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.
After an emergency government meeting Saturday in London, Britain’s home secretary said one in five of 248 National Health Service groups had been hit. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious aliments like cancer.
Who perpetrated this wave of attacks remains unknown. Two security firms — Kaspersky Lab and Avast — said they identified the malicious software in more than 70 countries. Both said Russia was hit hardest.
And all this may be just a taste of what’s coming, a leading cyber security expert warned.
Computer users worldwide — and everyone else who depends on them — should assume that the next big “ransomware” attack has already been launched, and just hasn’t manifested itself yet, said Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Ariz.
The attack held hospitals and other entities hostage by freezing computers, encrypting data and demanding money through online bitcoin payments. But it appears to be “low-level” stuff, Eisen said Saturday, given the amount of ransom demanded — $300 at first, rising to $600 before it destroys files hours later.
He said the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
“Today, it happened to 10,000 computers,” Eisen said. “There’s no barrier to do it tomorrow to 100 million computers.”
The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on the internet.
A young cybersecurity researcher has been credited with helping to halt the ransomware’s spread by accidentally activating a so-called “kill switch” in the malicious software.
The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday how he inadvertently discovered Friday that the software’s spread could be stopped by registering a garbled domain name. His $11 purchase of the name may have saved governments and companies around the world millions, slowing its spread before U.S.-based computers were more widely infected.