“One NSA tool, an exploit of Microsoft Windows called EternalBlue, is being used as one method for rapidly spreading a ransomware variant called WannaCry across the world.”
Forbes — Friday May 12 2017
May 12 2017 — A massive cyberattack that infects computers with ransomware is crippling major institutions and companies in scores of countries.
UPDATE (May 12 2018) — In December 2017, the United States, United Kingdom and Australia formally asserted that North Korea was behind the attack.
North Korea denied being responsible for the cyberattack.
Marcus Hutchins — who managed to temporarily stop the WannaCry ransomware attack — was arrested in Las Vegas in August 2017.
US prosecutors allege that Hutchins assisted in the creation and spread of a piece of banking malware known as Kronos in 2014 and 2015. The charges are not related to WannaCry.
Hutchins denied any wrongdoing and pleaded not guilty to the charges against him in August 2017. He is out on bail pending trial and remains in Los Angeles.
END of UPDATE
On Friday (May 12 2017), a major cyberattack hit hospitals, telecommunications firms and other companies in nearly 100 nations. The virus infects computer files and then demands bitcoins to unblock them.
The attack appeared to exploit a vulnerability purportedly identified for use by the U.S. National Security Agency and later leaked to the internet.
The attack hit Britain’s health service, forcing affected hospitals to close wards and emergency rooms.
In a matter of hours, 75,000 cases of the ransomware – known as WannaCry and variants of that name – were reported around the world.
There have been reports of infections in 99 countries, including the UK, US, China, Russia, Ukraine, Spain, Italy and Taiwan. It is reported that the attack has hit Russia hardest.
How to Accidentally Stop a Global Cyber Attacks
Here is the amazing story of Marcus Hutchins, the man who singlehandedly stopped the virus.
“I woke up at around 10 AM. (The person was actually on vacation!) There were a few of your usual posts about various organisations being hit with ransomware, but nothing significant…yet.
I ended up going out to lunch with a friend, meanwhile the WannaCrypt ransomware campaign had entered full swing.
When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit.
I was quickly able to get a sample of the malware. Upon running the sample in my analysis environment I instantly noticed it queried an unregistered domain, which I promptly registered.
ProofPoint researcher Darien Huss [realized] that our registration of the domain had actually stopped the ransomware and prevented the spread.
So why did our sinkhole cause an international ransomware epidemic to stop?
The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.
I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox and the malware exits to prevent further analysis.” (Read the full story here)
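The quoted analysis turns on sandboxes in which a domain that does not exist still appears registered. As an added example (not code from the original post or from the researcher quoted), this Python check lets an analyst audit a lab's DNS for that behaviour by probing random names under `.invalid`, a TLD reserved by RFC 6761 that never resolves on the public DNS. The function names and the two stand-in resolvers are assumptions made for illustration.

```python
import secrets
import socket


def probe_names(count=5):
    """Random labels under .invalid, which cannot resolve on the public DNS."""
    return [f"{secrets.token_hex(12)}.invalid" for _ in range(count)]


def system_resolve(name):
    """Resolve through the host's configured DNS; None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return None


def audit_dns(resolve=system_resolve, count=5):
    """Probe names that cannot exist and report whether the environment answers."""
    answers = {name: resolve(name) for name in probe_names(count)}
    resolved = {n: ip for n, ip in answers.items() if ip is not None}
    return {
        "probed": len(answers),
        "resolved": len(resolved),
        # Every impossible name answered: the lab's DNS is a catch-all, so an
        # unregistered domain looks registered to any sample run inside it.
        "catch_all": bool(answers) and len(resolved) == len(answers),
        "distinct_ips": sorted(set(resolved.values())),
    }


# Constructed resolvers standing in for two lab setups (no network needed).
def fake_dns_resolver(name):
    return "10.0.0.1"  # simulated service that answers every query


def faithful_resolver(name):
    known = {"example.com": "192.0.2.10"}  # constructed record, documentation range
    return known.get(name)


if __name__ == "__main__":
    for label, fn in [("catch-all lab DNS", fake_dns_resolver),
                      ("faithful lab DNS", faithful_resolver)]:
        print(label, audit_dns(fn))
```

Calling `audit_dns()` with no arguments runs the same probes against the resolver the analysis machine is actually configured to use.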
Europol also warned a “complex international investigation” was required “to identify the culprits”.
Europol said its cyber-crime team, EC3, was working closely with similar teams in the affected countries to “mitigate the threat and assist victims”.
In the UK, the head of the cyber security agency said experts were “working around the clock” to restore the systems of some 45 NHS organisations in England and Scotland that were hit by the attack.
One Year Ago — Cyberattack Cripples Institutions Around The World