Massive "Wanna Cry" Cyberattack Spreading Around The World

(Found this in my drafts dated in May. Gotta watch that. The pic is new of course)

Still, no corner of the globe was immune. In addition to the well-publicized impact on Britain’s health service, Spain’s largest telephone company had been hit hard, the FedEx corporate offices in the United States reported being infected, and everything from train stations to schools to government agencies were reporting being caught up in the massive digital blackmail scheme.

The result was a global digital epidemic that unfolded in much the way security experts had been predicting for years. Many targets were being left with little choice but to pay several hundreds of dollars to recover their data.

Even more alarming, more than 24 hours after the first attack, no one seemed entirely confident in their ability to ever completely stop it.

This is the biggest attack of this kind we’ve ever seen.
— Christy Wyatt, chief executive officer of cybersecurity firm Dtex

“It’s going to continue to grow and evolve and propagate,” said Christy Wyatt, chief executive officer of cybersecurity firm Dtex. “This is the biggest attack of this kind we’ve ever seen. We’re all trying to figure out how we can contain it. But I’m afraid this is the new normal.”

Overnight, people posted photos on Twitter of computers in places such as a German railroad ticket machine displaying the ominous red sign. In Spain, telecom company Telefonica as well as the nation’s largest utility reported an outbreak. Russian officials confirmed that many organizations in that country had been affected, including its Interior Ministry and telecom company Megafon.

So far, the Department of Health Services in the United Kingdom seems to have suffered the worst of it. But Nissan also confirmed that a car plant in that country was affected.

In France, the national cybersecurity agency warned citizens that while it had not yet detected any problems in that country, they should still take precautions to protect themselves.

For many security firms, these types of attacks have become a daily occurrence, a quiet battle they are fighting in the trenches against a mounting number of bad guys. It was the size and scope of WannaCry that has pushed this pitched battle into the public spotlight.

"We are seeing firsthand how ransomware can be used to compromise more than just data privacy,” said Dean Weber, chief technology officer of security firm Mocana.

The scope of the attack triggered a furious debate about the complex web of factors that led to such widespread vulnerability. While the list of culprits was long, and getting longer by the hour, it was the U.S. National Security Agency that found itself facing the most recriminations.

Security experts were appalled that the NSA had identified the method of attack as part of its cybersurveillance efforts and then somehow failed to safeguard it. The agency was facing accusations that it let a taxpayer piece of technology meant to protect the United States and its allies fall into the wrong hands and create digital anarchy.

As a result, some were predicting the NSA could be facing a political blowback that could match or exceed the one it received following the release of the Edward Snowden documents revealing the extent of its digital spying activities.

“Losing your tools, losing what the government paid you to do, losing your cyberweapons, it’s a really tragic event that’s going to hurt the world,” said Phil Lieberman, president of cybersecurity firm Lieberman Software. “To have them fall into the hands of criminals is just awful.”

The vulnerability that the NSA originally found in Microsoft’s Windows systems was likely a goldmine in terms of the ability to conduct surveillance. It allowed an outside party almost unhindered access to a computer, where they could plant a piece of software with digital credentials and monitor activity.

Spotting this weakness and understanding how to exploit it was without a doubt a long and intensive process. But the NSA’s roadmap for what was code-named EternalBlue was hacked and published in April by a group known as the Shadow Brokers.

In April, Microsoft issued a security patch to plug the vulnerability. But as is typical, many users and organizations either ignored it, or have been slow to update their systems. Many organizations simply don’t have the resources to do so. The result is millions of machines around the world left open, a problem compounded if peopled or companies failed to regularly back up or make duplicates of their data.

The problem has become so dire that Microsoft took the extraordinary step of issuing software patches Saturday for versions of its Windows operating system that it had stopped supporting years ago.

"The widespread nature of this attack suggests that organizations are still slow to patch significant vulnerabilities like the one currently being associated with this event,” said Travis Farral, director of security strategy at Anomali and a former ExxonMobil security intelligence executive. “Considering the potential impact of these infections, ensuring that there are procedures in place for quickly patching urgent vulnerabilities and having a good business continuity plan in place to account for these types of attacks should be paramount priorities in any organization.”

With the NSA roadmap, creating the worm WannaCry wasn’t too difficult. The virus slips into a system, and once there, plants a bit of software that encrypts the information. A red screen pops up telling a user to pay $300 in Bitcoin within a certain time frame if they want to recover access to their data.

In doing so, the worm generates an encryption key. Those keys must be registered at a remote “command and control” destination on the Internet. Some groups have found that once they have identified that location, they have been able to set up an alternative version of the site that tricks the virus and prevents the encryption from happening. So far, Lieberman said there have been two waves of the virus, and both have eventually been blocked this way.

The problem is that the worm spreads itself very quickly once launched. And even if it’s stopped, a user with an encrypted machine is still stuck with few options but to pay up. Some security firms were furiously working on decryption tools, but a ticking clock on the red screen gives users only so much time to pay before the amount goes up.

“You can have as many backups as you want, but fighting a malware outbreak that infects all your Windows systems is very hard to combat,” wrote Dutch security firm Redsocks in a blog post. “Anyone can imagine the impact of all Windows computers being disabled.”

Given the diffuse nature of the attack, it’s difficult to estimate how many targets have or will pay, or what the ultimate cost may be. But some estimates are already saying a conservative target of $1 billion is not unreasonable, a stunning windfall for whatever group is behind it.

The problem now is that relaunching another version of the worm with a different destination is pretty easy for the hackers.

And that’s why security experts are worried that there’s no way to stop wave after wave of attacks being launched against the massive number of exposed systems. They worry that this is the beginning of a fight without an obvious end in sight, short of finding and arresting the people behind the assault and patching every single machine.

My take: Well that's what happened in May and you know what's happening now. The concern is that N. Korea is ideally situated to carry out these attacks without the normal repercussions other nations suffer. The implication of course being they are far from finished and the situation is far more serious due to Trump's saber-rattling with Un.