wannacry
Latest
India wants a discount on Windows to reduce its cyberattack risk
In light of the recent WannaCry and "NotPetya" global ransomware attacks, India is looking to strike a deal with Microsoft that would reduce the cost of its Windows 10 operating system by more than 75 percent. The country's cyber security coordinator, Gulshan Rai, told Reuters that the company has "in principle agreed."
US hit by cyberattack that targeted Ukraine and Russia
Yesterday, a number of Ukrainian and Russian companies and state agencies reported being hit by a cyberattack, the results of which ranged from flight delays at Boryspil airport to a shutdown of Chernobyl nuclear power plant's automatic radiation monitoring system. And while those two countries took the brunt of it, the virus at the root of the attack quickly spread throughout Europe and to Asia, Australia and the US.
WannaCry ransomware causes Honda plant to shut down
WannaCry isn't done yet. Honda Motor Co. had to shut down its Sayama plant on Monday after finding the ransomware in its computer network. The plant's production resumed on Tuesday.
US: North Korea's been hacking everyone since 2009
US authorities believe the North Korean government has been using an army of hackers called "Hidden Cobra" to deploy cyber attacks over the past eight years. That's according to the Technical Alert formally issued by the Homeland Security and the FBI, which contains the details and tools NK's cyber army has been using to infiltrate the media, financial, aerospace and critical infrastructure sectors in the US and around the globe. The government agencies issued the alert after tracing the IP addresses of a malware variant used to manage NK's DDoS attacks to North Korean computers. While other players can spoof their IPs to frame NK, the US is encouraging cyber analysts to be on the lookout, warning them that the Asian country will continue to use cyber operations to advance its government's military and strategic objectives.
If hacking back becomes law, what could possibly go wrong?
Representative Tom Graves, R-Ga., thinks that when anyone gets hacked -- individuals or companies -- they should be able to "fight back" and go "hunt for hackers outside of their own networks." The Active Cyber Defense Certainty ("ACDC") Act is getting closer to being put before lawmakers, and the congressman trying to make "hacking back" easy-breezy-legal believes it would've stopped the WannaCry ransomware.
There's an easy fix for WannaCry, if you haven't rebooted yet
There's a glimmer of hope for a specific subset of victims in the WannaCry hack. Security researchers have released a fix that gets rid of the ransomware and restores a device's files, though it only works on Windows XP to Windows 7, and only on computers that have not been rebooted since the infection.
WannaCry cousin uses your computer to mine Bitcoins
WannaCry might have wreaked havoc all over the globe, but it apparently has a cousin that's been far more effective in earning money for its creators. While looking into the WannaCry attacks, security firm Proofpoint has discovered the existence of another threat called Adylkuzz that also uses NSA's leaked hacking tools EternalBlue and DoublePulsar that exploit Windows vulnerabilities. Unlike the ransomware that takes over its victims' computers in an attempt to extort money, Adylkuzz has a much quieter existence. It's a small program that lurks in your PC, using its resources to mine for a cryptocurrency called Monero.
NSA would have to disclose its cyber exploit policies under new bill
It wasn't long after last week's devastating international ransomware attack before details surfaced about how the hackers found the exploit to target: It was stolen from the NSA, which stockpiles the digital vulnerabilities. Now, Democratic Senator Brian Schatz (HI) has introduced a bill that would create policy regulating how and when federal agencies would disclose known attack vectors.
'Shadow Brokers' threaten to release more hacking tools in June
An exploit that the "WannaCry" malware used to encrypt computers worldwide first appeared in a leak from "The Shadow Brokers," a group that claims to have stolen a number of tools from the NSA. Now the Shadow Brokers are back with a new blog post threatening more leaks. Through an intentionally sloppy writing style, the group taunts not only TheEquationGroup (read: NSA), but also Microsoft and its blog post blaming spy agencies, claiming that Microsoft is simply upset the NSA didn't pay to hold its vulnerability.
Pirated Windows led to WannaCry's spread in China and Russia
WannaCry, the notorious ransomware demanding up to $300 worth of Bitcoins to unlock victims' computers, hit systems all around the globe over the weekend. According to Finnish cybersecurity company F-Secure, though, Russia and China were affected the most, and it could be due to the rampant use of pirated software in those countries. Microsoft issued a patch for the vulnerability the attackers used as an entry point back in March and even fixed it for XP, which it long stopped supporting. However, pirated systems can't install those patches, so computers running illegal software remained vulnerable.
'WannaCry' ransomware showed traces of North Korean code
For all the damage the "WannaCry" ransomware has done, there's still one looming, unanswered question: who's behind it? At last, there might be a clue. Google researcher Neel Mehta has noticed that an early version of WannaCry's code shares similarities with a February 2015 sample from the Lazarus Group, a North Korea-linked outfit blamed for both the Sony Pictures hack as well as the Bangladesh Bank heist. The code changed between then and now, but it at least raises the possibility that North Korea was involved.
The 'WannaCry' ransomware is a stark reminder of a broken system
In April, a hacking group called The Shadow Brokers dumped a cache of Windows' exploits it pilfered from the NSA. The group had decided to start leaking exploits it stole from the agency after it was unable to find a buyer for the government's hacking tools. Inside that April drop was a remote code execution vulnerability called "EternalBlue" (aka MS17-010). Fortunately, Microsoft issued a security patch that fixed EternalBlue in March. What's not so fortunate is that not everyone had applied it to their machines.
NHS Trusts ignored patch that would’ve averted malware disaster
The ransomware attack that crippled crucial NHS systems across the UK and continues to cause disruption could have easily been contained, according to NHS Digital. The body, which oversees data and IT infrastructure across the NHS, said hospitals and other arms of the service had ample time to upgrade their systems. The 'WannaCry' malware variant used a Windows exploit Microsoft patched in mid-March this year. At the end of April, NHS Digital notified staff and "more than 10,000 security and IT professionals," pointing them to a patch that would "protect their systems." It seems this advisory fell on some deaf ears, which explains why only certain NHS Trusts were affected.
Engadget Podcast Ep 39: Rip Off
On this episode hosts Dana Wollman and Terrence O'Brien talk about the massive WannaCry ransomware attack spreading across the globe and Caddyshack. Edgar Alvarez stops by to fill everyone in on all the drama around Fyre Festival, Instagram influencers and the FTC. Then Cherlynn Low and Devindra Hardawar check in from Build to give us the low down on Microsoft's plans for the future.
Microsoft blasts spy agencies for hoarding security exploits
Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."
'WannaCry' ransomware evolves despite attempts to kill it
There were predictions that the fast-spreading "WannaCry " (aka "WannaCrypt") ransomware would quickly evolve to get around its domain-based kill switch, and, well... the predictions were right. Security researchers have discovered variants of the Windows malware that either have different kill switches (easy to stop by purchasing the web domain) or don't have a kill switch at all. MalwareTech's initial findings might have stopped the original WannaCry in its tracks, but that was really just a speed bump for malicious coders.
Microsoft patches Windows XP to fight 'WannaCrypt' attacks (updated)
Microsoft officially ended its support for most Windows XP computers back in 2014, but today it's delivering one more public patch for the 16-year-old OS. As described in a post on its Windows Security blog, it's taking this "highly unusual" step after customers worldwide including England's National Health Service suffered a hit from "WannaCrypt" ransomware. Microsoft patched all of its currently supported systems to fix the flaw back in March, but now there's an update available for unsupported systems too, including Windows XP, Windows 8 and Windows Server 2003, which you can grab here (note: if that link isn't working then there are direct download links available in the Security blog post). Of course, for home users, if you're still running one of those old operating systems then yes, you should patch immediately -- and follow up with an upgrade to something current. If you're running a vulnerable system and can't install the patch for some reason, Microsoft has two pieces of advice: Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 and as recommended previously. Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445 Update: Microsoft legal chief Brad Smith has written a blog post that both calls for more help from customers (read: update more often) and chastises intelligence agencies for hoarding security exploits. They don't understand the risk to the public if the exploits leak, Smith says -- it's as if someone stole a batch of Tomahawk missiles. We wouldn't count on the NSA or other agencies heeding the call, but Microsoft clearly wants to make its frustrations heard.
'WannaCry' ransomware attack spreads worldwide (update)
England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.
NHS hospitals in England hit by a widespread cyberattack (updated)
Various NHS Trusts are currently battling with what appears to be a large-scale cyberattack affecting IT systems across the country. According to reports, hospitals and GP surgeries are falling victim to a widespread ransomware attack, causing them to shut down their computer networks. The East and North Hertfordshire NHS Trust was one of the first to acknowledge the problem and switch off its systems, warning locals that they will have trouble getting through on the phone and asking them not to visit accident and emergency unless absolutely necessary. Update: The attack has continued to spread and is now affecting systems around the world. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.
