Attack has missed us
THE federal government is working to find out whether a massive global malware attack has affected Australia.
Computer systems at companies and hospitals across the world were attacked on Friday, apparently as part of an extortion plot. There are no confirmed reports Australian organisations have been hit.
“We are continuing to monitor the situation and stand ready to deal with any threat,” a spokesman for Prime Minister Malcolm Turnbull said yesterday.
HACKING tools developed by the US National Security Agency are believed to have been used in a global cyber attack that disrupted Britain’s health system, hit inter-national shipper FedEx, and infected computers in nearly 100 countries.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $400 to $800 to restore access.
Security researchers say they observed some victims paying via the digital currency bitcoin, though they did not know how many had given in to the extortionists.
Researchers with security software maker Avast say they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. The most disruptive attacks were reported in Britain, where hospitals were forced to turn away patients after losing computer access.
International shipper FedEx Corp said some of its Windows computers were also infected.
“We are implementing remediation steps as quickly as possible,” it said in a statement.
Only a small number of USheadquartered organisations were hit because the hackers appear to have begun the campaign by targeting those in Europe, said Vikram Thakur, research manager with security software maker Symantec. By the time they turned their attention to the US, spam filters had flagged the ransomware-laden emails as malicious, he said.
The US Department of Homeland Security said it was aware of reports of the ransomware, was sharing information with domestic partners and was ready to lend technical support.
Telecommunications company Telefonica was among many targets in Spain while Portugal Telecom and Telefonica Argentina also said they were targeted.
Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.
“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.
The hackers, who have not come forward to claim responsibility, likely made it a “worm,” or self-spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, cyber security researchers said.
“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.