Last night the world was provided with a glimpse of the brave new world of criminal cyber attacks.
As reported by the New York Times,
Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.
The attacks amounted to a global blackmail attempt spread by the internet and underscored the vulnerabilities of the digital age.
Transmitted via email, the software locked British hospitals out of their computers and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.
“Ransomware” is usually defined as the use of malicious software by an attacker to block a person’s or organization’s access to their computers until money is paid to the attacker.
In 2015 the number of ransomware attacks varied from 23,000 to 35,000 a month, spiking to 56,000 in March of 2016.
But last night’s attack, according to security experts quoted by the NY Times, was “the digital equivalent of a perfect storm.”
The BBC reports:
Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – around the world.
There are reports of infections in 99 countries, including Russia and China.
Among the worst hit was the National Health Service (NHS) in England and Scotland.
The BBC understands about 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled.
As the NY Times adds,
The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.
The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.
According to The Guardian, the attack was halted by an “accidental hero” – a 22-year-old UK cybersecurity researcher with the Twitter handle @malwaretechblog – who found a ‘kill switch’.
“I saw articles about organizations being hit,” he told the Guardian. “I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a long domain name the malware makes a request to and if the request comes back and shows the domain is live, the kill switch takes effect and the malware stops spreading.
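As an added example (not from this article or the reports it quotes), the check-in described above gives defenders a triage signal: a host that looked up the kill-switch domain has very likely run the malware, and whether the lookup resolved indicates whether the kill switch could have taken effect on it. The domain is a placeholder because the article does not give it; the log format, the sample lines and the simplification that a NOERROR answer means "live" are assumptions.

```python
from collections import defaultdict

# Placeholder: the article does not name the domain; substitute the real one.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines, assumed format: <timestamp> <client IP> <name> <rcode>
SAMPLE_LOG = """\
2017-05-12T14:02:11Z 10.0.4.17 killswitch-placeholder.example. NXDOMAIN
2017-05-12T14:02:12Z 10.0.4.23 intranet.corp.example. NOERROR
2017-05-12T16:40:03Z 10.0.4.17 KILLSWITCH-PLACEHOLDER.example. NOERROR
2017-05-12T16:41:55Z 10.0.9.8 killswitch-placeholder.example. NOERROR
2017-05-12T16:45:10Z 10.0.7.2 killswitch-placeholder.example. SERVFAIL
malformed line
"""


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to a summary of its lookups.

    "ever_failed" is True when at least one lookup did not resolve (assumed to
    mean the domain did not look live, so the malware kept spreading).
    """
    target = domain.rstrip(".").lower()
    hosts = defaultdict(lambda: {"first_seen": None, "lookups": 0, "ever_failed": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        timestamp, client, name, rcode = parts
        if name.rstrip(".").lower() != target:
            continue  # unrelated query
        entry = hosts[client]
        entry["lookups"] += 1
        if entry["first_seen"] is None or timestamp < entry["first_seen"]:
            entry["first_seen"] = timestamp  # ISO timestamps sort as strings
        if rcode.upper() != "NOERROR":
            entry["ever_failed"] = True
    return dict(hosts)


def isolation_priority(hosts):
    """Hosts with a failed lookup first (possible spreaders), then by first_seen."""
    return sorted(hosts, key=lambda ip: (not hosts[ip]["ever_failed"], hosts[ip]["first_seen"]))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip in isolation_priority(result):
        print(ip, result[ip])
```

Because the kill switch only takes effect when the domain looks live, lookups for it should be allowed to resolve rather than blocked.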
The victims of the ransomware attacks largely seem to be users of outdated Microsoft programs like Windows XP, Windows 8 and Windows Server 2003.
Microsoft announced yesterday that it is rolling out a patch to protect users with these operating systems.
The extent of the damage caused by last night’s attack, and how many paid the ransom, is still unclear.