Conditions behind cyberattack may be hard to mimic

Kristi Paul
May 15, 2017

Hospitals across England have canceled appointments and turned away patients after suffering an apparent cyberattack.

A security guard stands outside the Telefonica headquarters in Madrid, Spain, Friday, May 12, 2017.

Here's what happened: Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB).

What's worse, those responsible were able to borrow a weaponized "exploit", apparently created by the U.S. National Security Agency, to launch the attack in the first place.

People outside a Megafon mobile phone shop in Moscow, Russia, on Saturday, May 13, 2017. A top Russian mobile operator said Friday it had come under cyberattacks that appeared similar to those that have crippled some United Kingdom ho.

FILE - This April 12, 2016 file photo shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France.

The NHS confirmed this afternoon that 16 of its organisation had been hit by a ransomware attack, after numerous trusts had confirmed they were experiencing "significant problems" with IT and telephone networks.

"We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003", says Microsoft.

For instance, the Conficker virus, which first appeared in 2008 and can disable system security features, also spreads through vulnerabilities in internal file sharing.

A cyberattack that is forcing computer owners to pay hundreds of dollars in ransom to unlock their files has hit nearly every corner of the world.

Cybersecurity experts said that the malware arrived through "phishing" attacks in which recipients of emails were tricked into opening phony links.

Microsoft had made fixes for older systems, such as 2001's Windows XP, available only to mostly larger organizations, including Britain's National Health Service, that paid extra for extended technical support. Experts say it will be hard for them to replicate the conditions that allowed the so-called WannaCry ransomware to proliferate across the globe.

Nachreiner also recommended organizations invest in advanced malware protection, and build up a multi-layered defense to cyber attacks. "It's one of the first times we've seen a large worldwide global campaign", said Chris Camacho, chief strategy officer for Flashpoint, a cyber-intelligence company. It may have saved governments and companies millions of dollars and slowed the outbreak before US -based computers were more widely infected. The ransomware will persist on systems already infected.

Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.

In light of Friday's attacks, Microsoft announced that it's making the fixes free to all.

"It's impacting overseas among those who have outdated software or pirated software", the senior intelligence official said. (Intelligence officials wouldn't comment on the authenticity of the claims.) The tools appeared stolen by hackers, who dumped them on the internet.

There is a high probability that Russian-language cybercriminals were behind the attack, said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs.

"The impact on the US seems to be negligible - very tiny impact, very few victims", the senior intelligence official told ABC News on Saturday. "Because they could have done something ages ago to get this problem fixed, and they didn't do it".

Other reports by VideoGamingPros

Discuss This Article

FOLLOW OUR NEWSPAPER