Ransomware attack striking thousands more computers; Putin blames U.S.

(National Sentinel) Cyberwar: The ransomware attack that began and spread rapidly on Friday is continuing to encircle the globe, with thousands more computers affected on Monday as Russian President Vladimir Putin puts the blame on the United States.

Hackers using malware they stole from the National Security Agency hit dozens of countries on Friday in a massive ransomware attack that some cyber analysts believe was a sort of dry run in advance of a much larger assault, we reported last week.

Putin, in China for a state-to-state visit, said his country had “nothing to do” with the attacks as he laid the blame squarely on the U.S.

“Malware created by intelligence agencies can backfire on its creators,” said Putin, as reported by The Telegraph. He also noted that world leaders needed to discuss cyber security at a “serious political level” and said the U.S. has backed away from signing a cyber security agreement with Russia.

The paper added:

Authorities fear a second wave of the “WannaCry” ransomware could hit systems as people return to work and switch on their computers on Monday morning.

Japanese computer experts said around 2,000 PCs had been affected while the Chinese news agency Xinhua reported that almost 30,000 had been hit.

At present no one knows who is responsible for the attacks, but cyber experts are nearly universal in their opinion that this won’t be the last one. A group calling itself the Shadow Brokers leaked the stolen NSA malware.

What’s more, the attacks make it clear that computer systems the world over remain extremely vulnerable to cyber assaults, as IT system security around the world is a maintained via a patchwork of various levels that do not coordinate with each other.

“When people ask what keeps you up at night, it’s this,” Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks, told The New York Times.

Ransomware works by locking users out of their system, encrypting their files and then demanding a ransom – often via Bitcoin so it cannot be tracked – in order to get their computers unlocked.

The ransomware used is called WannaCry and Shadow Brokers has been dumping it and other stolen software online since last year.

Scores of countries hit in massive global ransomware attack – with NSA software

(National Sentinel) Cyberwar: Hackers using malware they stole from the National Security Agency hit dozens of countries on Friday in a massive ransomware attack that some cyber analysts believe was a sort of dry run in advance of a much larger assault.

As The New York Times reported, British hospitals appear to be the hardest hit by the attack, though by far were not the only victims. Ironically, though the malware utilized was stolen from the NSA, the United States was not among the hardest hit:

Corporate computer systems in many other countries — including FedEx of the United States, one of the world’s leading international shippers — were among those affected.

Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries. The worst hit by far was Russia, followed by Ukraine, India and Taiwan, the company said. Users in Latin America and Africa were also struck.

At present no one knows who is responsible for the attacks, but cyber experts are nearly universal in their opinion that this won’t be the last one. A group calling itself the Shadow Brokers leaked the stolen NSA malware.

What’s more, the attacks make it clear that computer systems the world over remain extremely vulnerable to cyber assaults, as IT system security around the world is a maintained via a patchwork of various levels that do not coordinate with each other.

“When people ask what keeps you up at night, it’s this,” Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks, told The New York Times.

Ransomware works by locking users out of their system, encrypting their files and then demanding a ransom – often via Bitcoin so it cannot be tracked – in order to get their computers unlocked.

The ransomware used is called WannaCry and Shadow Brokers has been dumping it and other stolen software online since last year.

The malware was particularly effective against Microsoft systems. The company issued a patch in March but it was not universally installed by users around the world.

“It’s one of the first times we’ve seen a large international global campaign,” Camacho said, as reported by the Washington Post.

“There is going to be a lot more of these attacks,” he said. “We’ll see copycats, and not just for ransomware, but other attacks.”

Ironically, the attacks came a day after President Donald J. Trump signed an executive order requiring federal agencies to strengthen cyber security.

“The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises,” the order states.

“In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.”