Dozens of countries hit by huge cyberextortion attack

Associated Press ^ | May 12, 2017 | ANICK JESDANUN, JILL LAWLESS and ARITZ PARRA

[monkapotamus]

NEW YORK (AP) — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

It was believed to the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

[taxcontrol]

I work in cyber security. We are already not able to keep up with customer demand. Nor can we find qualified people. I get the feeling that this is only going to make things worse for me. Good job security I guess.

[fella]

The sources of these attacks can be tracked down but the nationz wher they come from won’t go after the criminals.

[TexasRepublic]

I have not read about any Linux computers being affected.

[rarestia]

IAPP, DarkReading, and ThreatPost, among others, have this front and center. If you're on a Windows machine, be 100% certain your systems are patched!

Here's the Microsoft bulletin on this:

Security Update for Microsoft Windows SMB Server (4013389)

[BlackVeil]

Good point. This should cause people to reevaluate the dependence on windows.

[Rio]

nor Macs

[SecondAmendment]

> I have not read about any Linux computers being affected.

Ding ding ding ... we have a winner!

Windows fundamental architecture makes insecure, period.

[Socon-Econ]

The problem isn’t Windows; it’s failure to update, and clinging to, older versions that are less secure. Windows 10 has automatic updates of an anti-virus app that blocks ransomeware.

[Hostage]

I was attacked yesterday, Running Win 10 Surface Pro 3, Comcast wireless router.

So I had about 20 tabs open under Chrome and Edge (I use a bit of both) and one of the tabs starts flashing and I am locked out of all other tabs. I press on the flashing tab and a message pops up with an alert of a worm/virus intrusion.

Here is the message:

See the 'Microsoft' phone at the bottom. I called it and a person answered saying they were Microsoft. I said Ok, here's the message I am getting. The person starts talking nonstop telling me to go to the 'run' md window and trpe 'hh microsoft'.

I ask how do I know you are Microsoft? The person on the other end assures me they are Microsoft and not to worry, just enter the cmd and press enter. I do that. Then windows start popping up and things are installed on my SP3.

In the meantime, I take a snapshot of the message above and look up a Microsoft support number on the internet while listening to the person on the other end lecture me about IT and network matters, telling me my entire network an IP address is reached, damaged, compromised.

I knew I had been taken in a senior like moment. I should have been sharper, quicker, never letting it get that far.

The conversation kept meandering and I asked again "How do I know you are Microsoft?". I asked, "Where is all this leading?" "Why are you spending time 'educating me' and not telling me how I can get this all fixed?"

And this lecture continued until a minute later I was told that I would receive anti-hacking tools, for a 'cost'.

Uh-huh ... Bullsh*t.

I disconnected the SP3 from the wireless internet router and went to the router and pulled the plug.

I called Microsoft support and after paying $99, I talked to a pro who spent a good chunk of time getting all the crap that was installed off, a massive amount of intrusion files. The Microsoft Pro saw the message above with the phone number and checked it was not a Microsoft number nor the number of any affiliate. It was a scam which I had the sense to realize but should have been quicker to sense.

So here's what you do:

Have a real Microsoft support number handy. When you get some sort of lockout event and a message with a Microsoft phone number, first pull the plug on your router, then call the real Microsoft number and verify the message phone number is real or not. They won't charge for checking phone numbers.

Then start running security scans and get rid of all the crap that got downloaded. If you're still unsure, consider paying for a Microsoft Pro to get cleaned up and steer you back to safety.

[Hostage]

Oh, and Microsoft, the real Microsoft told me I was one of the lucky few for having pulled the power plug on the wireless router.

[American Quilter]

I work in cyber security. We are already not able to keep up with customer demand. Nor can we find qualified people.

Couldn't someone offer a huge amount of money to anyone who can develop software to track down and identify these criminals? Or is that naive thinking?

[heights]

I knew I shouldn’t have pressed Ctril-X-Enter.

[caww]

That bulletin is for March.... this is a new variation which has been hitting over 40 countries now.

My brother and I were discussing it this afternoon fro his work place....it’s coming in on e-mail.....so people should watch what they are clicking open carefully. They should do that anyway.....

[softengine]

Well, that is kind of right. It is a failure to patch. This is a vulnerability in SMB - server message block. It is explained in more detail in MS17-010.

Shadow Brokers released the NSA tools almost a month ago. So, affected businesses had plenty of time to patch. They chose not to, for whatever reason. As for AV 'blocking' the ransomware, I would not rely on that. Generally speaking, in terms of new malware, AV does NOT catch the dropper. And is often behind in catching the payload as well. I'm not saying don't have AV - definitely DO. But thinking that because you have it, you are good to go is a big mistake.

[eddie willers]

Hectoring people on the OS that is run on their system is like blaming the gun for someone’s death. It is who pulled the trigger that is to blame.

Attacking hospitals is beyond the pale and ought to bring with it the death penalty.

I am not kidding.

[caww]

Alert!!!!.....THIS THING IS HUGE AND BAD NEWS!

DAY THE EARTH WAS HACKED....Drudge has Good Articles on this:

BIGGEST RANSOMWARE OUTBREAK EVER... DEVELOPING...

AT LEAST 99 COUNTRIES ATTACKED...

NSA CYBER WEAPON...

HOSPITALS CRIPPLED, TELECOMMS SNARLED...

GERMAN TRAIN CHAOS...

RUSSIAN GOVT HIT...

SPEED AND SCALE STARTLES EXPERTS...

[caww]

It’s now believed to be the biggest cyber attack of its kind ever recorded.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.”

the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

[caww]

FBI Gives Hollywood Hacking Victims Surprising Advice:

.. “Pay the Ransom”...

The frequency of the attacks has overwhelmed the FBI’s Los Angeles field office, which has been unable to properly investigate all of them. The FBI’s surprising advice, according to industry sources: Pay the ransom. After all, the hackers aren’t asking much more than a Cannes hotel tab. In all of the Hollywood extortion cases, the hackers demanded less than $80,000. A law enforcement source says that in California, losses would need to exceed $50,000 for the U.S. Attorney’s office to prosecute, thus keeping the FBI from pursuing most of these cases.

http://www.hollywoodreporter.com/news/fbi-gives-hollywood-hacking-victims-surprising-advice-pay-ransom-1001515

[RetiredTexasVet]

Need to see a clean out at the CIA and NSA for developing the tools in the first place and then to compound their stupidity, allowing them to be stolen and released.