Robots can see well enough to drive a car. Computers can hear our voices and respond to commands. VOA’s Arturo Martinez and Steve Baragona report that engineers are breaking through the next sensation frontier for robots: touch. Steve Baragona narrates.
…
Virgin Galactic’s Beth Moses, who received the Adler Planetarium’s “Women in Space Science Award” this year, views the opportunity for widely available space flight as a unifying endeavor for humanity. As Kane Farabaugh reports from Chicago, Moses is telling students about space flight as a way to motivate them to pursue careers like hers.
…
Two-thirds of those caught up in the past week’s global ransomware attack were running Microsoft’s Windows 7 operating system without the latest security updates, a survey for Reuters by security ratings firm BitSight found.
Researchers are struggling to try to find early traces of WannaCry, which remains an active threat in hardest-hit China and Russia, believing that identifying “patient zero” could help catch its criminal authors.
They are having more luck dissecting flaws that limited its spread.
Security experts warn that while computers at more than 300,000 internet addresses were hit by the ransomware strain, further attacks that fix weaknesses in WannaCry will follow that hit larger numbers of users, with more devastating consequences.
“Some organizations just aren’t aware of the risks; some don’t want to risk interrupting important business processes; sometimes they are short-staffed,” said Ziv Mador, vice president of security research at Israel’s SpiderLabs Trustwave.
“There are plenty of reasons people wait to patch and none of them are good,” said Mador, a former long-time security researcher for Microsoft.
WannaCry’s worm-like capacity to infect other computers on the same network with no human intervention appear tailored to Windows 7, said Paul Pratley, head of investigations & incident response at UK consulting firm MWR InfoSecurity.
Data from BitSight covering 160,000 internet-connected computers hit by WannaCry, shows that Windows 7 accounts for 67 percent of infections, although it represents less than half of the global distribution of Windows PC users.
Computers running older versions, such as Windows XP used in Britain’s NHS health system, while individually vulnerable to attack, appear incapable of spreading infections and played a far smaller role in the global attack than initially reported.
In laboratory testing, researchers at MWR and Kyptos say they have found Windows XP crashes before the virus can spread.
Windows 10, the latest version of Microsoft’s flagship operating system franchise, accounts for another 15 percent, while older versions of Windows including 8.1, 8, XP and Vista, account for the remainder, BitSight estimated.
Computer basics
Any organization which heeded strongly worded warnings from Microsoft to urgently install a security patch it labeled “critical” when it was released on March 14 on all computers on their networks are immune, experts agree.
Those hit by WannaCry also failed to heed warnings last year from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.
“Clearly people who run supported versions of Windows and patched quickly were not affected”, Trustwave’s Mador said.
Microsoft has faced criticism since 2014 for withdrawing support for older versions of Windows software such as 16-year-old Windows XP and requiring users to pay hefty annual fees instead. The British government canceled a nationwide NHS support contract with Microsoft after a year, leaving upgrades to local trusts.
Seeking to head off further criticism in the wake of the WannaCry outbreak, the U.S. software giant last weekend released a free patch for Windows XP and other older Windows versions that it previously only offered to paying customers.
Microsoft declined to comment for this story.
On Sunday, the U.S. software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – and sharing those flaws with technology companies to better secure the internet.
Half of all internet addresses corrupted globally by WannaCry are located in China and Russia, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.
By contrast, the United States accounts for 7 percent of WannaCry infections while Britain, France and Germany each represent just 2 percent of worldwide attacks, Kryptos said.
Dumb and sophisticated
The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware.
“What really makes the magnitude of this attack so much greater than any other is that the intent has changed from information stealing to business disruption”, said Samil Neino, 32, chief executive of Los Angeles-based Kryptos Logic.
Last Friday, the company’s British-based 22-year-old data breach research chief, Marcus Hutchins, created a “kill-switch”, which security experts have widely hailed as the decisive step in halting the ransomware’s rapid spread around the globe.
WannaCry appears to target mainly enterprises rather than consumers: Once it infects one machine, it silently proliferates across internal networks which can connect hundreds or thousands of machines in large firms, unlike individual consumers at home.
An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos.
Because of the way WannaCry spreads sneakily inside organization networks, a far larger total of ransomed computers sitting behind company firewalls may be hit, possibly numbering upward of a million machines. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.
Liran Eshel, chief executive of cloud storage provider CTERA Networks, said: “The attack shows how sophisticated ransomware has become, forcing even unaffected organizations to rethink strategies.”
Security Experts Find Clues to Ransomware Worm’s Lingering Risks
Researchers from a variety of security firms say they have so far failed to find a way to decrypt files locked up by WannaCry and say chances are low anyone will succeed.
However, a bug in WannaCry code means the attackers cannot use unique bitcoin addresses to track payments, security researchers at Symantec found this week. The result: “Users unlikely to get files restored”, the company’s Security Response team tweeted.
The rapid recovery by many organizations with unpatched computers caught out by the attack may largely be attributed to back-up and retrieval procedures they had in place, enabling technicians to re-image infected machines, experts said.
While encrypting individual computers it infects, WannaCry code does not attack network data-backup systems, as more sophisticated ransomware packages typically do, security experts who have studied WannaCry code agree.
These factors help explain the mystery of why such a tiny number of victims appear to have paid ransoms into the three bitcoin accounts to which WannaCry directs victims.
Less than 300 payments worth around $83,000 had been paid into WannaCry blackmail accounts by Thursday (1800 GMT), six days after the attack began and one day before the ransomware threatens to start locking up victim computers forever.
The Verizon 2017 Data Breach Investigations Report, the most comprehensive annual survey of security breakdowns, found that it takes three months before at least half of organizations install major new software security patches.
WannaCry landed nine weeks after Microsoft’s patch arrived.
“The same things are causing the same problems. That’s what the data shows,” MWR research head Pratley said.
“We haven’t seen many organizations fall over and that’s because they did some of the security basics,” he said.
The European Union’s competition watchdog has fined Facebook 110 million euros ($122 million) for providing misleading information over its buyout of mobile messaging service WhatsApp.
The European Commission said Thursday that when Facebook informed the Commission of the 2014 buyout, it said it would be unable to “establish reliable automated matching” between Facebook and WhatsApp user accounts.
But the Commission says that in 2016, WhatsApp offered updates including the possibility of linking user phone numbers with Facebook user IDs.
Competition Commissioner Margrethe Vestager said the fine is proportionate and serves as a deterrent.
She said “the Commission must be able to take decisions about mergers’ effects on competition in full knowledge of accurate facts.”
…
When Hurricane Sandy swept over Long Island, New York, in October 2012, power was knocked out and traffic lights were inoperable. While driving in her car, Stony Brook University student Vishwaja Muppa, 21, was struck by a police car and later died. The death of Muppa, from India, was one of 53 that were blamed on the storm.
On Stony Brook’s campus, damage was limited and students who sheltered remained safe. But university officials took the hurricane’s visit as a wake-up call and planned a state-of-the-art Emergency Operations Center (EOC).
Stony Brook hired two security technology firms, VCORE Solutions and IntraLogic Solutions, to install equipment and software that would bring separate monitoring and communications systems under one roof.
“All the things we have in different silos, managed by different systems, are imported into one virtual environment,” Larry Zacarese, director of emergency management at Stony Brook, told VOA.
From the command center during Hurricane Sandy, Zacarese had little contact with other parts of the campus or local emergency responders off campus, he said. The new system shows images from cameras throughout campus and projects them on several monitors mounted across a 6½-meter-long wall.
Eyes everywhere
The system is regarded as a model and has been studied by other universities. Among the devices linked electronically are entry codes on hundreds of doors across campus, Global Positioning System units, fire alarms, video cameras and large, flat-screen television sets. The information from cameras and sensors is projected onto a large computer screen that shows the entire campus from above, including each building.
“We have a three-dimensional world overlaid on top of satellite imagery of our campus,” Zacarese said.
Software allows operators in the command center to expand each image and go into a building, checking its characteristics and the status of its sensors and alarms on each floor.
The system also allows the Emergency Operations Center to communicate in 15 ways with students across campus, utilizing social media, text messages, public address speakers and the 175 flat-screen television panels across campus. Operators can use the screens to warn students and faculty of a problem. They can use screens at all locations, or only at one site.
“If there is a fire in a chemistry lab,” Zacarese said, “we could communicate specifically to people in the chemistry building, as well as those in the immediate vicinity outside.”
Violence on campus
Zacarese said Stony Brook’s security system is vital in responding to violence and protecting those on campus. Last year, threatening messages of a “terroristic nature” appeared at a campus bus stop, he said. Using the information from cameras and other devices, police were able to identify the perpetrator and arrest him.
“In less than three hours,” Zacarese said, “we had someone in custody.”
There are more than 25,000 students enrolled at Stony Brook during a normal semester, but adding faculty and staff, campus population swells to about 50,000.
“The population size of this campus is essentially as big or bigger than some small cities,” Zacarese said.
The high-tech Emergency Operations Center can also be useful in police and fire investigations, he said, because investigators can use recorded data to find evidence and trace suspects.
…
Apple will reportedly announce an update to its lineup of laptops at its annual developer conference, known as WWDC, in June.
The report from Bloomberg suggests Apple is responding to increased competition from rival Microsoft.
According to the report, Apple will announce three new laptops: The MacBook Pro will get a quicker processor, as will the 12-inch MacBook and the 13-inch MacBook Air. The processors, according to Bloomberg, will be Intel’s newest, seventh generation chips.
Apple’s laptops account for 11 percent of the company’s annual $216 billion in sales. iPhones make up nearly two thirds of the company’s sales.
Rival Microsoft recently unveiled its own Surface Laptop as a possible competitor to MacBook Air. That device reportedly boots up quickly and has a touchscreen.
According to Bloomberg, the new MacBook Pro would share the same basic external look of the current models.
It has been seven years since Apple redesigned the MacBook Air and more than a year since the company released a new MacBook Pro. The 12-inch MacBook saw its last update last spring.
Apple will also reportedly announce an upgrade to its macOS operating system.
The WWDC will start June 5.
…
The hacker group behind the leak of cyber spying tools from the U.S. National Security Agency, which were used in last week’s “ransomware” cyberattack, says it has more code that it plans to start selling through a subscription service launching next month.
The group known as Shadow Brokers posted a statement online Tuesday saying the new data dumps could include exploits for Microsoft’s Windows 10 operating system, and for web browsers and cell phones, as well as “compromised network data from Russian, Chinese, Iranian or North Korean nukes and missile programs.”
Shadow Brokers tried unsuccessfully last year to auction off cyber tools it said were stolen from the NSA.
The WannaCry ransomware virus exploited a vulnerability in Microsoft’s older Windows XP operation system. The company had largely stopped offering support such as security updates for Windows XP, but did release a patch to protect users against the attack that demanded people pay to avoid losing their data.
There is no definitive evidence yet of who used the NSA tools to build WannaCry.
Cyber security experts say the technical evidence linking North Korea to the cyberattack is somewhat tenuous, but Pyongyang has the advanced cyber capabilities, and the motive to compensate for lost revenue due to economic sanctions, to be considered a likely suspect.
Since Friday, the WannaCry virus has infected more than 300,000 computers in 150 countries, at least temporarily paralyzing factories, banks, government agencies, hospitals and transportation systems.
On Monday analysts with the cyber security firms Symantec and Kaspersky Lab said some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which has been identified by some industry experts as a North Korea-run hacking operation.
“Right now we’ve uncovered a couple of what we would call weak indicators or weak links between WannaCry and this group that’s been previously known as Lazarus. Lazarus was behind the attacks on Sony and the Bangladesh banks for example. But these indicators are not enough to definitively say it’s Lazarus at all,” said Symantec Researcher Eric Chien.
Bureau 121
Symantec has linked the Lazarus group to a number of cyberattacks on banks in Asia dating back years, including the digital theft of $81 million from Bangladesh’s central bank last year.
The U.S. government blamed North Korea for the hack on Sony Pictures Entertainment that leaked damaging personal information after Pyongyang threatened “merciless countermeasures” if the studio released a dark comedy movie that portrayed the assassination of Kim Jong Un. And South Korea had accused the North of attempting to breach the cyber security of its banks, broadcasters and power plants on numerous occasions.
Pyongyang is believed to have thousands of highly trained computer experts working for a cyberwarfare unit called Bureau 121, which is part of the General Bureau of Reconnaissance, an elite spy agency run by the military. There have been reports the Lazarus group is affiliated with Bureau 121. Some alleged North Korean-related cyberattacks have also been traced back to a hotel in Shenyang, China near the Korean border.
“Mostly they hack directly, but they hack other countries first and transfer (the data), so various other countries are found when we trace back, but a specific IP address located in Pyongyang can be found in the end,” said Choi Sang-myung, a senior director of the cyber security firm Hauri Inc. in Seoul.
Ransom
It is not clear if the purpose of the WannaCry malware is to extort payments or to cause widespread damage.
The WannaCry hackers have demanded ransoms from users, starting at $300 to end the cyberattack, or they threatened to destroy all data on infected computers. So far the perpetrators have raised less than $70,000 according to Tom Bossert, a homeland security adviser for U.S. President Donald Trump.
The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.
Suffering under increased economic sanctions for its nuclear and ballistic missile programs, it would not be surprising for North Korea to attempt to make up for lost revenue through illicit cyber theft and extortion. But the WannaCry ransomware is more advanced than anything North Korean hackers have used in the past.
“Previous ransomwares required people to click an attachment in an email or access a specific website to get infected, but this time (computers) can be infected without getting an email or access to a website, just by connecting an Internet cable,” said Choi.
FireEye Inc., another large cyber security firm, said it was also investigating but cautious about drawing a link to North Korea.
In addition to past alleged cyberattacks, North Korea had also been accused of counterfeiting $100 bills which were known as “superdollars” or “supernotes” because the fakes were nearly flawless.
Youmi Kim contributed to this report.
…
Motorized skateboards are a simple and affordable form of personal transportation while advanced battery technology considerably extended their range. Now a startup company in Germany offers a skateboard that is almost entirely printed in plastic and has wireless speed control. VOA’s George Putic reports.
…
A computer virus that exploits the same vulnerability as the global “ransomware” attack has latched on to more than 200,000 computers and begun manufacturing digital currency, experts said Tuesday.
The development adds to the dangers exposed by the WannaCry ransomware and provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the U.S. National Security Agency, has infected more than 300,000 computers since Friday, locking up their data and demanding a ransom payment to release it.
Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines in late April or early May but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.
Proofpoint executive Ryan Kalember said the authors may have earned more than $1 million, far more than has been generated by the WannaCry attack.
Like WannaCry, the program attacks via a flaw in Microsoft Corp’s Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.
Suspected links to North Korea
Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex math problems. Digital “miners” run specially configured computers to solve the problems and generate currency, whose value fluctuates according to market demand.
Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather it targeted a newer digital currency, called Monero, that experts say has been pursued recently by North Korean-linked hackers.
North Korea has attracted attention in the WannaCry case for a number of reasons, including the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea.
Security researchers and U.S. intelligence officials have cautioned that such evidence is not conclusive, and the investigation is in its early stages.
In early April, security firm Kaspersky Lab said that a wing of Lazarus devoted to financial gain had installed software to mine Moreno on a server in Europe.
A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining.
Kalember said he believes the similarities in the European case, WannaCry and the miner were “more than coincidence.”
“It’s a really strong overlap,” he said. “It’s not like you see Moreno miners all over the world.”
The North Korean mission to the United Nations could not be reached for comment, while the FBI declined to comment.
…
Thailand backed off a threat to block Facebook on Tuesday, instead providing the social media site with court orders to remove content that the government deems illegal.
Thailand made the threat last week as it wanted Facebook to block more than 130 posts it considers a threat to national security or in violation of the country’s lese majeste law, which makes insults to the monarchy punishable by up to 15 years in prison. Thailand’s military government has made prosecuting royal insults a priority since seizing power in a coup three years ago.
Takorn Tantasith, secretary-general of Thailand’s broadcast regulator, said Facebook had requested the court orders before it would take action but he expected the social media giant would comply with the government’s demands.
“Facebook have shown good cooperation with us,” Takorn told reporters.
Emails and calls seeking confirmation from Facebook were not immediately returned.
The regulator last week demanded that Facebook remove more than 130 illegal posts by Tuesday or face legal action that could shut down the site. In a change of tactic, Takorn said that Thailand had forwarded 34 court orders to Facebook so far.
“The websites that need to be taken down are not only for those that are a threat to stability but they also include other illegal websites such as porn and websites that support human-trafficking which take time to legally determine,” Takorn said.
Thai authorities try to take pre-emptive actions against material they consider illegal, having local internet service providers block access or reaching agreements with some online services such as YouTube to bar access to certain material in Thailand.
Much of that is content deemed in violation of the country’s lese majeste law, the harshest in the world. The military government has charged more than 100 people with such offenses since the coup and handed down record sentences. Many of those cases have been based on internet postings or even private messages exchanged on Facebook.
Last month, Thai authorities declared it illegal to exchange information on the internet with three prominent government critics who often write about the country’s monarchy.
Facebook, which is blocked in a number of authoritarian countries such as North Korea, has said it relies on local governments to notify the site of information it deems illegal.
“If, after careful legal review, we find that the content is illegal under local law we restrict it as appropriate and report the restriction in our Government Request Report,” Facebook has said in past statements outlining its policy.
…
Get ready for more rabbit ears, dog noses and funny hats to show up in your Facebook feed.
Facebook’s Instagram service is launching face filters in an effort to keep up with rival, Snap Inc.’s Snapchat.
“From math equations swirling around your head to furry koala ears that move and twitch, you can transform into a variety of characters that make you smile or laugh,” the company wrote on its blog.
The new features will also include the ability to manipulate video, allowing users to play them in reverse.
“Capture a fountain in motion and share a rewind of the water floating back up,” according to the blog post. “Experiment with some magic tricks of your own and defy the laws of physics wherever you are.”
Facebook, the largest social media platform, has been accused of copying features from Snapchat such as “Stories” which allows users to post pictures and videos that are erased after 24 hours.
According to Instagram, 200 million people use Stories daily.
Facebook’s stock price has been hovering around $150 this month, which is near the stock’s all-time high of $153.60.
Last week, Snap stocks cratered by 23 percent after the company posted poorer than expected quarterly results. The company says it has 166 million daily active users as of March 31.
Snap was trading at $20.42 Tuesday, down from an all-time high of $29.44.
…
Recently, one of the largest computer hacks of its kind hit companies and governments around the world. It is an example of the challenges in digital security and keeping ahead of technology. The U.S. military has developed a way to tap into the innovation and speed unique to Silicon Valley and tech startups. VOA’s Elizabeth Lee has more details on this initiative.
…
It looks like the time has finally come for residents across Africa to start using their most abundant natural power source. While building power plants and transmission lines takes years and costs much more, installing solar panels is quicker and more affordable for individual home owners, businesses and farmers. VOA’s George Putic reports.
…
A look at the software being used by extortionists to attack computer users around the globe.
…
A New Hampshire man who was injured in a house explosion is thanking Siri for saving his life.
Christopher Beaucher says he was checking on his mother’s vacant cottage in Wilmot on May 1 when he saw something suspicious and went inside.
He tells WMUR-TV that when he switched on a light, the house exploded.
“The whole place caught fire,” Beaucher said. “Part of it collapsed while I was in it during the initial explosion, so I couldn’t really tell where I was.”
Beaucher’s face and hands were badly burned. He grabbed his cellphone but was unable to dial because of his injuries. He says he somehow asked his iPhone’s voice-controlled virtual assistant Siri to call 911, believing he was going into shock.
A spokeswoman for Apple said Monday that statistics on Siri being used for emergencies weren’t available, but noted some recent emergencies in which it was used. Those include three boaters off the Florida coast in April who used the water-resistant phone when their craft capsized; a 4-year-old boy from London who used his mother’s thumb to unlock her iPhone and called Siri after she collapsed at home in March; and a man in Vancouver who collapsed, became paralyzed, and was able to use his tongue to use Siri.
Beaucher is undergoing treatment for his injuries and says he hopes to return to his job as a cook and tend to his farm.
“I’m very, very, extremely lucky to be alive,” he said.
The New Hampshire state fire marshal’s office is investigating the explosion.
…
This weekend’s global online extortion attack reinforces the need for businesses and other large organizations to update their computer operating systems and security software, cybersecurity experts said.
The attack largely infected networks that used out-of-date software, such as Windows XP, which Microsoft no longer offers technical support for.
“There’s some truth to the idea that people are always going to hack themselves,” said Dan Wire, a spokesman for security firm FireEye. “You’ve got to keep your systems updated.”
The attack that authorities say swept 150 countries this weekend is part of a growing problem of “ransomware” scams, in which people find themselves locked out of their files and presented with a demand to pay hackers to restore their access.
Hackers bait users to click on infected email links, open infected attachments or take advantage of outdated and vulnerable systems. This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment.
Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime.
Here are five tips to make yourself a less-likely victim:
Make safe and secure backups
Once your files are encrypted, your options are limited. Recovery from backups is one of them. “Unfortunately, most people don’t have them,” Abrams says. Backups often are also out of date and missing critical information. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have.
Some ransomware does also sometimes targets backup files, though.
You should make multiple backups — to cloud services and using physical disk drives, at regular and frequent intervals. It’s a good idea to back up files to a drive that remains entirely disconnected from your network.
Update and patch your systems
The latest ransomware was successful because of a confluence of factors. Those include a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of some vulnerability.
“Hopefully people are learning how important it is to apply these patches,” said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. “I hope that if another attack occurs, the damage will be a lot less.”
The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak.
“There’s a lot of older Windows products out there that are `end of life’ and nobody’s bothered to take them out of service,” said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.
Use antivirus software
Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less-savvy users with such known viruses, even though malware is constantly changing and antivirus is frequently days behind detecting it.
Educate your workforce
Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.
If hit, don’t wait and see
Some organizations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption — and possible loss — of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled.
If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.
Ryan O’Leary, vice president of WhiteHat Security’s threat research center, points out that this weekend’s hackers weren’t asking for much, usually about $300.
“If there is a silver lining to it, you’re not out a million dollars,” he said.
Still, “My answer is, never pay the ransom,” Abrams said. “But at the same time, I also know that if you’re someone who’s been affected and you’ve lost all your children’s photographs or you’ve lost all your data or you lost your thesis, sometimes $300 is worth it, you know?”
…
Europe’s police agency Europol says a global cyberattack has affected at least 100,000 organizations in 150 countries, with data networks infected by malware that locks computer files unless a ransom is paid.
Speaking to Britian’s ITV, Europol director Rob Wainwright said the healthcare sector in many countries is particularly vulnerable.
So far there has been no progress reported in efforts to determine who launched the plot.
Computer security experts have assured individual computer users who have kept their PC operating systems updated that they are relatively safe.
They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded — the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.
However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay would double if they did not comply within three days of the original infection — by Monday, in most cases. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.
Avast, an international security software firm that claims it has 400 million users worldwide, said the ransomware attacks rose rapidly Saturday to a peak of 57,000 detected intrusions. Avast, which was founded in 1988 by two Czech researchers, said the largest number of attacks appeared to be aimed at Russia, Ukraine and Taiwan, but that major institutions in many other countries were affected.
‘Kill switch’ found
Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0.
The researcher, identified only as “MalwareTech,” found a “kill switch” within the ransomware as he studied its structure.
The “kill” function halted WanaCryptor’s ability to copy itself rapidly to all terminals in an infected system — hastening its crippling effect on a large network — once it was in contact with a secret internet address, or URL, consisting of a lengthy alphanumeric string.
The “kill” function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by international internet administrators. He immediately claimed the URL for himself, spending about $11 to secure his access, and that greatly slowed the pace of infections in Britain.
Expects cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the “kill” switch in future versions of their malware.
Hackers’ key tool
WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using an exploit — software capable of burrowing unseen into Windows computer operating systems.
The exploit, known as “EternalBlue” or “MS17-010,” took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.
NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.
Microsoft distributed a “fix” for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update and thus were highly vulnerable. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.
The Finnish computer security firm F-Secure called the problem spreading around the world “the biggest ransomware outbreak in history.” The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.
Lesson: Update programs
With WanaCryptor and MS17-010 both “unleashed into the wild,” F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.
The security firm Kaspersky Lab, based in Russia, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: “Unfortunately it appears that many users have not yet installed the patch.”
Britain’s National Health Services first sounded the ransomware alarm Friday.
The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said the NHS was again “working as normal,” with 97 percent of the system’s components now fully restored.
Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.
None of the firms targeted indicated whether they had paid or would pay the hackers ransom.
Science fiction movies often contain imaginary technology. But now a real life moon rover has made it onto the big screen. Not only is it a star in a new film, but it will also play a starring role on a private mission to the moon next year. VOA’s Deborah Block has the story.
…
In what is believed to be the largest attack of its kind ever recorded, a cyberextortion attack continued causing problems Saturday, locking up computers and holding users’ files for ransom at dozens of hospitals, companies and government agencies. Businesses and computer security organizations await problems in the new workweek.
Ransomware Attack Could Herald Future Problems — Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.
Worldwide Cyberattack Spreads Further in Second Day — A cyberattack against tens of thousands of data networks in scores of countries, all infected by malware that locks computer files unless a ransom is paid, spread further in its second day Saturday, with no progress reported in efforts to determine who launched the plot.
Authorities Seek Clues On Culprits Behind Global Cyberattack — The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services, but Interior Minister Amber Rudd said the country’s National Crime Agency is investigating where the attacks came from.
Europol Working on Probe Into Massive Cyberattack — The European Union’s police agency, Europol, says it is working with countries hit by the global ransomware cyberattack to rein in the threat and help victims.
‘Perfect Storm’ of Conditions Helped Cyberattack Succeed — The cyberextortion attack that hit dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.
Where Global Cyberattack Has Hit Hardest — A look at some of the countries and organizations hardest hit during the global cyberattack.
What Is the Digital Currency Bitcoin? — In the news now after a cyberextortion attack this weekend, bitcoin has a fuzzy history, but it’s a type of currency that allows people to buy goods and services and exchange money without involving banks, credit card issuers or other third parties.
Here is a look at some of the places hit by the global cyberattack.
European Union — Europol’s European Cybercrime Center, known as EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”
Britain — Britain’s home secretary said the “ransomware” attack hit one in five of 248 National Health Service groups, forcing hospitals to cancel or delay treatments for thousands of patients — even some with serious aliments like cancer.
Germany — The national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.
Russia — Two security firms — Kaspersky Lab and Avast — said Russia was hit hardest by the attack. The Russian Interior Ministry, which runs the country’s police, confirmed it was among those that fell victim to the “ransomware,” which typically flashes a message demanding payment to release the user’s data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been “localized” and that no information was compromised. Russia’s health ministry said its attacks were “effectively repelled.”
United States — In the U.S., FedEx Corp. reported that its Windows computers were `”experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent.
Turkey — The head of Turkey’s Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country’s cyber security center is continuing operations against the malicious software.
France — French carmaker Renault’s assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.
Brazil — The South American nation’s social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil’s Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.
Spain — The attack hit Spain’s Telefonica, a global broadband and telecommunications company.
…
Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.
The United States suffered relatively few effects from the ransomware that appeared on tens of thousands of computer systems across Europe and into Asia, beginning Friday. Security experts remained cautious, however, and stressed there was a continuing threat.
In contrast to reports from several European security firms, a researcher at the Tripwire company on the U.S. West Coast said late Saturday that the attack could be diminishing.
“It looks like it’s tailing off,” said Travis Smith of Tripwire.
“I hope that’s the case,” Smith added. The Oregon firm protects large enterprises and governments from computer security threats.
Ransomware attack
The code for the ransomware unleashed Friday remains freely available on the internet, experts said, so those behind the WannaCry attack — also known as WanaCryptor 2.0 and a variety of other names — could launch new strikes in coming days or weeks. Copycat attacks by other high-tech criminals also are possible.
“We are not out of the woods yet,” said Gary Davis, chief consumer security evangelist at McAfee, the global computer security software company in Santa Clara, California. “We think it’s going to be the footprint for other kinds of attacks in the future.”
The attack hit scores of countries — more than 100, by some experts’ count — and infected tens of thousands of computer networks.
Industry reports indicate Russia, Taiwan, Ukraine and Britain were among the countries hit hardest, and more hacking reports can be expected when offices reopen for the new workweek Monday or, in some parts of the world, Sunday.
One of the weapons used in the current attack is a software tool reportedly stolen from the U.S. National Security Agency and published on the internet by hackers last month.
The tool affords hackers undetected entry into many Microsoft computer operating systems, which is what they need to plant their ransomware. However, Microsoft issued patches to fix that vulnerability in its software weeks ago that could greatly reduce the chances of intrusion.
Outdated operating systems
The crippling effects of WannaCry highlight a problem that experts have long known about, and one that appears to have hit developing countries harder.
Some organizations are more vulnerable to intrusion because they use older or outdated operating systems, usually due to the cost of upgrading software or buying modern hardware needed to install better-protected operating systems. Companies like Microsoft eventually stop updating or supporting older versions of their software, so customers using those programs do not receive software patches or security upgrades.
Much of the ransomware’s spread around the world occurred without any human involvement. The WannaCry malware self-propagates, copying itself to all computers on a network automatically.
When a demand for ransom payments appears on a user’s screen — $300 at first, doubling to $600 in a few days — it’s usually too late: All files on that computer have been encrypted and are unreadable by their owners.
The hackers said they would reverse the effect of their software once they received the payments they demanded.
Microsoft patched the “hole” in the newest versions of its operating software — Windows 10 for most home users — in March, three weeks before the stolen NSA exploit software was published on the internet. Since Friday, the company dropped its refusal to update old versions of its programs and issued patches specifically written for use in Windows XP and several other systems.
Microsoft declined a request for an interview, but a statement on the company’s blog said: “Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”
“A lot of people in the security community were impressed with Microsoft’s speed, but it highlights an ongoing challenge we have,” said Stephen Cobb, a senior security researcher with ESET, a global security software company. “If a malicious code outbreak breaks out tomorrow, and targets unsupported operating systems, Microsoft may have to go there again.”
…
The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services and targeted vital computer systems in as many as 100 other countries.
British Interior Minister Amber Rudd said Britain’s National Cyber Security Center was working with the country’s health service to ensure the attack that began Friday was contained and limited.
She said Britain’s National Crime Agency was still working with her ministry to find out where the attacks came from and that the British government did not know if the attacks had been directed by a foreign government.
What appeared to be the biggest cyberextortion attack in history exploited a vulnerability in Microsoft Windows that was identified in leaked documents by the U.S. National Security Agency earlier this year.
With more than 75,000 attacks launched on Friday, cybercrime experts around the world were investigating a concentration of attacks in Russia, Ukraine, and India — countries where the use of older, unpatched versions of Microsoft Windows is widespread.
The hackers attempt to trick victims into opening malicious attachments to spam e-mails by saying they contained invoices, job offers, security warnings, and other seemingly legitimate files.
The extortionists demand payments of $300 to $600 to restore access once computers are crippled by the scam. Cybersecurity firms said criminal organizations were probably behind the attack.
Russia’s Interior Ministry, Emergencies Ministry, and biggest bank, Sberbank, were all targeted, officials said.
The Interior Ministry said on its website that around 1,000 computers had been infected, but it had localized the virus. Russia’s Investigative Committee denied reports that it was attacked.
Russia’s Health Ministry and Emergencies Ministry told Russian news agencies that they had repelled the cyberattacks, while Sberbank said its cybersecurity arrangements had prevented viruses from entering its systems.
Russia’s Central Bank said Saturday that it detected massive cyberattacks on domestic banks, but the resources of the Central Bank itself were “not compromised.”
Megafon, a top Russian mobile operator, said it had come under attacks that appeared similar to those that crippled U.K. hospitals. A spokesman said mobile communications weren’t affected but the attacks interrupted the work of its call centers.
Hospitals ‘Crippled’
Spain and the United Kingdom were hit particularly hard. Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled routine procedures and asked patients not to come to the hospital unless it was an emergency.
British Prime Minister Theresa May said that, while some hospitals were crippled, there was no evidence patient data had been compromised.
Spain’s giant Telefonica telecommunications company was hit, prompting Spanish authorities to take measures to protect critical infrastructure in transportation, energy, telecommunications, and financial services.
Only a small number of U.S. organizations were hit because the hackers appear to have begun their campaign in Europe, cybersecurity firms said.
By the time the hackers turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious.
The security holes exploited by the hackers were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the White House security agency as part of U.S. intelligence-gathering.
Microsoft said it was pushing out automatic Windows updates to defend clients from the virus.
Some material for this article came from AP, BBC, AFP, Reuters, Tass and Interfax.
…
In what is believed to be the largest attack of its kind ever recorded, a cyberextortion attack struck in dozens of countries Friday, locking up computers and holding users’ files for ransom at dozens of hospitals, companies and government agencies.
Massive Cyberattack Hits Organizations Around Globe — An aggressive wave of cyberattacks has hit companies and public institutions around the globe, causing international havoc and bringing many services to a standstill. The cyberextortion attempt appeared to use stolen software developed by a U.S. spy agency.
What You Need to Know About Ransomware — What is ransomware? How does it infect your computer? How is the U.S. government’s National Security Agency involved? How to keep your computer safe.
Global Cyberattack Fuels Concern About US Vulnerability Disclosures — A global cyberattack on Friday renewed concerns about whether the U.S. National Security Agency and other countries’ intelligence services too often horde software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.
Companies Affected by Global Cyber Attack — A global cyber attack on Friday affected British hospitals, government agencies and companies, such as FedEx Corp., Telefonica SA, Portugal Telecom and Telefonica Argentina, in 99 countries, with Russia, Ukraine and Taiwan the top targets.
Don’t Click: What Is the ‘Ransomware’ WannaCry Worm? — What is so special about WannaCry?
…
Malicious software called “ransomware” has forced British hospitals to turn away patients and affected Spanish companies such as Telefonica as part of a global outbreak that has affected tens of thousands of computers.
How does it work?
WannaCry — also known as WanaCrypt0r 2.0, WannaCry and WCry — is a form of “ransomware” that locks up the files on your computer and encrypts them in a way that you cannot access them anymore.
How does it spread?
Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.
In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. There are some that create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.
Where has it spread?
British-based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries,” with initial evidence of infections in at least two dozen nations, according to experts from three security firms.
The broad-based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina, and appears to be sweeping around the globe, researchers said.
What is so special about WannaCry?
WannaCry is not just a ransomware program, it is also a worm.
This means that it gets into your computer and looks for other computers to try and spread itself as far and wide as possible.
Ransomware has a habit of mutating, so it changes over time in order to find different ways to access computers or to get around patches (operating system updates that often include security updates). Many security firms are already aware of WannaCry in past forms and most are looking at this one right now to see how it might be stopped.
Several cybersecurity firms said WannaCry exploits a vulnerability in Microsoft and that Microsoft patched this in March. People don’t always install updates and patches on their computers, and so this means vulnerabilities can remain open a lot longer and make things easier for hackers to get in.
It exploited a vulnerability in the Windows operating system believed to have been developed by the National Security Agency, which became public last month. It was among a large number of hacking tools and other files that a group known as the Shadow Brokers released on the internet. Shadow Brokers said that they obtained it from a secret NSA server.
The identity of Shadow Brokers is unknown, though many security experts believe the group that surfaced in 2016 is linked to the Russian government.
The NSA and Microsoft did not immediately respond to requests for comment.
…