Updated May. 15, 2017 at 6:37 a.m.

Has your network been 'patched'? Failure to do so opens way for global hack

Published: 2017-05-12 16:17:00
Updated: 2017-05-15 06:37:52

Ransomware attack: 'Ooops, your files have been encrypted.' (SecureList graphic)

A massive global "ransomware" attack on Friday hit corporate and government networks across 74 countries. A security firm points out that the attacks could have been prevented if companies had "patched," or updated, their networks to guard against the onslaught, which is being called "Wanna Cry."

Ransomware attack, in Chinese. Ransom demands for payments in order to unlock encrypted files were made in multiple languages, including Chinese.

Here's an update on the global attack's impact from The Associated Press as of Monday morning:

  • EUROPEAN UNION — Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex international investigation to identify the culprits."
  • BRITAIN — Britain's home secretary said the "ransomware" attack hit one in five of 248 National Health Service groups, forcing hospitals to cancel or delay treatments for thousands of patients — even some with serious ailments like cancer.
  • GERMANY — The national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.
  • RUSSIA — Two security firms — Kaspersky Lab and Avast — said Russia was hit hardest by the attack. The Russian Interior Ministry, which runs the country's police, confirmed it was among those that fell victim to the "ransomware," which typically flashes a message demanding payment to release the user's data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been "localized" and that no information was compromised. Russia's health ministry said its attacks were "effectively repelled."
  • UNITED STATES — In the U.S., FedEx Corp. reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent.
  • TURKEY — The head of Turkey's Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country's cyber security center is continuing operations against the malicious software.
  • FRANCE — French carmaker Renault's assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.
  • BRAZIL — The South American nation's social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil's Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.
  • SPAIN — The attack hit Spain's Telefonica, a global broadband and telecommunications company.

Bitcoin payments

The hackers also demanded payment in the electronic currency, or cryptocurrency, known as Bitcoin, SecureList says in a blog post with information from Kaspersky Lab.

"Our analysis indicates the attack, dubbed 'WannaCry', is initiated through an SMBv2 remote code execution in Microsoft Windows," says SecureList, which is recognized internationally for its work in tracking such hacks.

"This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14," the firm adds.

"Unfortunately, it appears that many organizations have not yet installed the patch."

Indeed.

Media paid major attention to the "dump," but apparently not everyone got or heeded the warning.

[NOTE: SAS in Cary suffered a network outage on Friday but denied being hacked.]

As of Friday afternoon, some 45,000 attacks had been reported. Among those hardest hit with demands for payment was the U.K. health system.

"It was not immediately clear who was behind the attacks, but the acts deeply alarmed cybersecurity experts and underscored the enormous vulnerabilities faced by disjointed networks of computer systems around the world," The New York Times added.

And the attack could be even larger.

"It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."

The attack is also very international in scope, with the ransom note available in multiple languages, the report points out:

"Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Filipino, Finnish, French, German, Greek, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish, Turkish, Vietnamese."

The attack: What victims were told

Here's what the hackers said had happened and what they demanded, according to SecureList, in English:

  • What Happened to My Computer?

Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

  • Can I Recover My Files?

Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You can decrypt some of your files for free. Try now by clicking .
But if you want to decrypt all your files, you need to pay.
You only have 3 days to submit the payment. After that the price will be doubled.
Also, if you don't pay in 7 days, you won't be able to recover your files forever.
We will have free events for users who are so poor that they couldn't pay in 6 months.

  • How Do I Pay?

Payment is accepted in Bitcoin only. For more information, click .
Please check the current price of Bitcoin and buy some bitcoins. For more information, click .
And send the correct amount to the address specified in this window.
After your payment, click . Best time to check: 9:00am - 11:00am GMT from Monday to Friday.
Once the payment is checked, you can start decrypting your files immediately.

  • Contact

If you need our assistance, send a message by clicking .

We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!

Read the report, which includes information about remediation, at:

https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world


Copyright 2017 WRAL TechWire. All rights reserved.
The Skinny

WRAL TechWire Publisher and Editor Rick Smith dishes out tidbits from the local technology sector.
