TECHNOMICS
Another major cyber attack: WannaCry link suspected
Amajor global cyber attack has disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers. It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in the last month’s ransomware attack, which was named “WannaCry” malware.
“Cyber attacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do in order to fix the problem.”
The ransomware virus also crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.
Microsoft said the virus could also flow spread through a flaw that was patched in a security update in March 2017.
“We are continuing to investigate and will take appropriate action to protect customers,” a spokesman for the company said, adding that Microsoft antivirus software detects and removes the malware.
Russia and Ukraine were most affected by the thousands of attacks, as stated according to the security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.
Security experts said they expected the impact to be smaller than WannaCry since there were many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.
Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks stated that in a blog post analyzing the attack. Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as “Petya” and “Golden Eye.” Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat present here. The US Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It also advised victims not to pay the extortion, saying that doing so does not guarantee that access will be properly restored. In a statement, the White House National Security Council said there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said. The NSA did not respond to a request for comment. The spy agency has not yet publicly confirmed if whether it built Eternal Blue and other hacking tools which were leaked online by an entity known as Shadow Brokers. Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.