Sourced from two separate articles,
and with an endnote by Lasha Darkmoon
“On Hackers, Bitcoin and the End Days.”
Cyber security experts rushed to restore systems on Saturday after an unprecedented global wave of cyberattacks that struck targets ranging from Russia’s banks to British hospitals and a French carmaker’s factories.
The hunt was on for the culprits behind the assault, which was being described as the biggest cyber ransom attack ever. State agencies and major companies around the world were left reeling by the attacks, which blocked access to files and demanded ransom money, forcing them to shut down their computer systems.
“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” said Europol, Europe’s policing agency.
The attacks, which experts said affected dozens of countries, used a technique known as ransomware that locks users’ files unless they pay the attackers a designated sum in the virtual Bitcoin currency.
Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP that the attack was “the biggest ransomware outbreak in history”, saying that 130,000 systems in more than 100 countries had been affected.
He said that Russia and India were hit particularly hard, in large part because the older Windows XP operating software is still widely used in those countries.
The attacks apparently exploited a flaw exposed in documents leaked from the US National Security Agency (NSA).
The attacks hit a whole range of organisations and businesses worldwide.
French carmaker Renault was forced to stop production at sites in France and Slovenia, saying the measure was aimed at stopping the virus from spreading.
In the United States, package delivery group FedEx acknowledged it had been hit by malware and said it was “implementing remediation steps as quickly as possible.”
Russia’s interior ministry said that some of its computers had been hit by a “virus attack” and that efforts were underway to destroy it.
The country’s central bank said the banking system was hit, and the railway system also reported attempted breaches.
The central bank’s IT attack monitoring centre “detected mass distribution of harmful software” but no “instances of compromise”, it said.
Russia’s largest bank Sberbank said its systems “detected in time attempts to penetrate bank infrastructure”.
Germany’s Deutsche Bahn computers were also impacted, with the rail operator reporting that station display panels were affected.
In a statement, computer security group Kaspersky Labs said it was “trying to determine whether it is possible to decrypt data locked in the attack — with the aim of developing a decryption tool as soon as possible.”
On Saturday, a cyber security researcher told AFP he had accidentally discovered a “kill switch” that could prevent the spread of the ransomware.
The researcher, tweeting as @MalwareTechBlog, said that the discovery was accidental, but that registering a domain name used by the malware stops it from spreading. Computers already affected will not be helped by the solution.
But @MalwareTechBlog warned that the “crisis isn’t over” as those behind it “can always change the code and try again”.
The malware’s name is WCry, but analysts were also using variants such as WannaCry.
Message to users: ‘Oops’
Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents, which disrupted care at National Health Service facilities, forcing ambulances to divert and hospitals to postpone operations.
Pictures on social media showed screens of NHS computers with images demanding payment of $300 (230 pounds, 275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”
It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.
“Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger,” said Kroustek, the Avast analyst.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.
Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.
“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” said Lance Cottrell, chief scientist at the US technology group Ntrepid.
Some said the attacks highlighted the need for agencies like the NSA to disclose security flaws so they can be patched.
G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up international cooperation against a growing threat to their economies.
Microsoft’s president and top lawyer has sharply criticized Donald Trump’s administration for failing to do more to prevent last Friday’s massive cyber attack. Brad Smith slammed US intelligence agencies, including the CIA and National Security Agency, for ‘stockpiling’ software code that can be used by hackers.
Cybersecurity experts revealed the unknown hackers who launched the weekend’s ‘ransomware’ attacks used a vulnerability that was exposed in NSA documents leaked online. As a result, parts of the National Health Service (NHS) in Britain were battered into submission and some surgeries and hospitals were forced to close their services.
In a post on Microsoft’s blog, Smith said: ‘An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.’
The tech giant’s president and chief legal officer says governments should ‘report vulnerabilities’ that they discover to software companies, ‘rather than stockpile, sell, or exploit them.’
US President Donald Trump ordered his homeland security adviser, Tom Bossert, to hold an emergency meeting Friday night.
The meeting was called to assess the threat posed by a global computer ransomware attack, a senior administration official said.
Senior security staff held another meeting in the White House Situation Room on Saturday.
Smith believes there are three areas that need improving to prevent it happening again.
Microsoft need to address the issue with updates, their customers – companies and government branches – need to take responsibility and the authorities need to be held accountable, according to the lawyer.
Smith added: ‘The governments of the world should treat this attack as a wake-up call.
‘They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.
‘We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.
‘This is one reason we called in February for a new Digital Geneva Convention to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.
‘And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality.
‘This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.’
Security experts say a cyberattack that holds computer data for ransom grew out of vulnerabilities purportedly identified by the National Security Agency.
Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code.
But many companies and individuals haven’t installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn’t fix.
Chris Wysopal of the software security firm Veracode said criminal organizations are likely behind this, given how quickly the malware has spread.
‘For so many organizations in the same day to be hit, this is unprecedented,’ he added.
What is ransomware?
Ransomware is a type of malicious software that criminals use to attack computer systems.
Hackers often demand that the victim pay ransom money to access their files or remove harmful programs.
The aggressive attacks dupe users into clicking on a fake link, whether in an email or on a fake website, causing an infection to corrupt the computer.
In some instances, adverts for pornographic websites will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.
In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.
The WannaCry virus targets Microsoft’s widely used Windows operating system. The virus encrypts certain files on the computer and then blackmails the user for money in exchange for access to the files. It leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself.
When opened, the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted. It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
How to protect yourself from ransomware
There are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall.
2. Back up your computer often.
3. Set up a popup blocker.
4. Be cautious about clicking links inside emails or on suspicious websites.
5. If you do receive a ransom note, disconnect from the Internet.
6. Alert authorities.
On Hackers, Bitcoin and the End Days
by Lasha Darkmoon
We are constantly being told, without any convincing evidence, that this highly skilled cyber attack has been launched by a criminal gang of hackers and not by a particular country — by a country, for example, which actually runs government courses for its hackers and trains them to the highest levels of cyber sophistication.
If there is any such country, I am not aware of it.
The good news, however, is that although roughly 100 countries have been laid low by this devastating attack, Israel has been in luck. Israel is one of the countries which appears to have been spared.
Another factor working in Israel’s favor is that the demand for bitcoin has recently soared to record levels, partly as a result of ransoms and other illegal transactions being carried out in bitcoin. And Israel, by a remarkable coincidence, is now poised to become the world’s ground zero for bitcoin exchange.
In 2011, it was possible to buy one bitcoin for as little as 30 cents. I have an old college friend, a reckless gambler from Rio, who was bold enough at that time to buy 10,000 bitcoins for 50 cents a coin. That knocked him back $5000. I think he had just sold a horse and decided, on an impulse, to invest his money in the cryptocurrency. Whenever the price of bitcoin plunged, he would buy some more. And whenever bitcoin reached another peak, he would sell. Bitcoin has been volatile, experiencing the most violent fluctuations. On 29 November 2013, the cost of one bitcoin rose to its all-time peak of US$1,242. On 3 March 2017, the price of a bitcoin exceeded the value of gold for the first time and surged to an all-time high.
My South American friend, who has inherited a ranch in Argentina and is about to invest a fortune in a New Zealand bolthole to escape the worst effects of radiation from a coming nuclear war, now intends to relocate to Israel in a few months. Is he Jewish? No, but he has recently acquired a Jewish wife. “She’s my second best investment,” he tells me with a wink. “After bitcoin.”
After moving to Israel, he hopes to set up a bitcoin business in the financial district. It makes no sense to me. If there’s going to be a nuclear war and rich guys are buying up boltholes in New Zealand to wait out the end days in safety, while the rest of us in Europe and America die from toxic radiation, you’d think Tel Aviv was the last place in the world to be.
When World War Three breaks out, you can be sure the towers of Tel Aviv will come toppling down before you can say Oy Veh. Yes, the whole of Israel will be toast in six minutes.