It’s time to take your medicine and stop WannaCry ransomware in its tracks

Hackers attacked a hospital system with ransomware and demanded $17,000 in bitcoin payment. 

This was not part of the potentially deadly Global WannaCry Ransomware attack that slammed Britain’s National Health Services (NHS) on Friday. It took place over a year ago, and the target was Hollywood Presbyterian Medical Center in Los Angeles.

Like the NHS, Hollywood Presbyterian chose to pay the ransom so they could quickly regain control of their antiquated systems.

Ransomware attacks have been on the rise for more than a year and, according to Jonathan Penn, Avast Security’s director of strategy, WannaCry could be “just one wave in a very long series.”

So far, Avast, a security solutions company, has detected and prevented almost a quarter of a million WannaCry ransomware attacks around the world. 

If companies, people and governmental agencies like the NHS knew that ransomware was exploding last year, why weren’t they preparing themselves? It’s like the ground floor of a 28-story high-rise is on fire and, instead of putting out the flames, we just keep taking the elevator up to another unaffected floor.

There are many excuses businesses and government agencies use to avoid upgrading their software. But the dramatic rise of ransomware attacks means it’s time for them to take their medicine and figure out a way to get it done. Otherwise, these attacks will just keep spreading with organizations paying ransoms that are cheaper than upgrades, until they’re not.

Microsoft and most security experts will tell you that the surest way to prevent a ransomware attack is to keep your Windows system up-to-date and fully patched, run security software, and avoid opening email from unknown parties and opening unknown links. 

Those running Windows 10 can’t even avoid updates (they can postpone for a week or so, but that’s it). However, most people and businesses aren’t running Windows 10. They’re on older platforms like Windows 7, which Microsoft will only patch through 2020. 

A shocking 7% are still on Windows XP, a 16-year-old operating system Microsoft stopped supporting years ago (but patched just for this attack). Anecdotal information indicates that businesses and governmental agencies around the world are the primary culprits here. Late last year, Citrix reported that the majority of NHS hospitals were still running Windows XP on at least some of their systems.

Penn isn’t surprised that the NHS hasn’t upgraded more quickly. “The health service in Britain is government-run. So, they need to make quite a significant case, go up the chain or take budget from somewhere else.”

However, it’s more than just money and bureaucracy that’s keeping businesses and governments from retiring old hardware and software.

Think about what it takes to update your own computer — or even your smartphone. It’s a pain in the neck, especially if functionality changes (and many people simply don’t let devices update). “Now multiply that times a thousand for business,” said Penn.

Businesses and government agencies often have customized software and disparate systems that need to communicate. Patches and OS updates can’t roll out willy nilly; they must be tested. That takes time and money and so do the potential ancillary updates that are often required.

“It’s just a hamster wheel of expense for a lot of these people,” said Penn.

Many simply decide to not upgrade, especially if all systems are still functioning.

What they’re doing, essentially, is a risk assessment. Changing things incurs cost and maybe lost business or even the ability to serve constituents. But the risk equation is tilting dramatically in the other direction.

Penn told me that the risk ransomware poses is getting larger and will not go away. More worrisome is that the effectiveness of the WannaCry ransomware attack will probably lead to more attacks.

And the risks are widespread. 

Sources within the U.S. Federal Government tell Mashable that, so far, the impact on government systems hasn’t been bad and that there have been no public reports of WannaCry-related issues. 

However, the U.S. health care system may not be so lucky.

“Our health care system is fragmented: medical records, for example, might be created and managed by a single doctor’s office or by large hospital systems,” said former U.S. Department of Health and Human Services CIO Frank Baitman via email. “Their ability to patch legacy systems and employ cybersecurity staff varies enormously. Even in large enterprises, it’s difficult to patch all computers as soon as a Zero Day vulnerability is discovered,” he wrote. A Zero Day attack has no known patch or signature.

Penn, though, believes the next logical target is the education system, which has a devil’s brew of massive amounts of private data and grossly underfunded infrastructure. “It’s low-hanging fruit,” he said. I also asked him about the electric grid’s vulnerability, but Penn wouldn’t comment. 

Even if consumers and businesses follow Penn’s advice and upgrade, patch, and install antivirus, they may not be fully protected.

Shortly after news of the Hollywood Presbyterian attack broke, Security Architect Kevin Beaumont detailed the powerful ransomware behind it. Called Locky, it was reportedly infecting thousands of systems a minute. More terrifying, Beaumont wrote that having fully up-to-date systems didn’t seem to matter:

Having your endpoints fully Windows and Office patched, antivirus software installed, behind a firewall and with Malwarebytes Anti-Ransomware (in beta) likely wouldn’t have protected you if you allowed users to open macros and didn’t have application whitelisting correctly configured.

MessageLabs, Google Mail, Office 365 and hosted Exchange all delivered the Word documents.

Penn acknowledged that so-called Zero Day attacks are a reality.

“No one is going to claim that, if you do X, Y and Z you will never get any kind of attack, because there are these things called Zero-day attacks. They can be successful against systems with all these protections. It depends on nature of exploit,” he said.

Microsoft says WannaCry ransomware attack is a wake-up call for governments

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei on May 13.

Image: B. TONGO/EPA/REX/Shutterstock

A global ransomware attack hit thousands of Windows-based computers late last week, locking users’ files and demanding Bitcoin payment to unlock them. 

The attack, called WannaCry (or WannaCrypt), is a lesson to both the IT industry and consumers, Microsoft’s President and Chief Legal Officer Brad Smith argued in a blog post Sunday. But most of all, it is a wake-up call for governments, whose stockpiling of software vulnerabilities can be as dangerous as getting their missiles stolen. 

According to Smith, all Windows computers that are fully updated are safe from the attack, and Microsoft has been “working around the clock since Friday to help all our customers who have been affected by this incident.”

And while the attack shows how important it is for users and companies to keep their computers updated — as well as tech companies such as Microsoft to promptly release security updates and make sure their users get them — a big part of the responsibility lies, Smith argues, on government agencies which should rethink the practice of keeping zero-day software exploits secret. 

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. (…) We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” wrote Smith. 

The exploit that WannaCry is based on is called “EternalBlue” and comes from a trove of exploits stolen from the NSA and released on the web by a group of hackers called the Shadow Brokers. Just like the recent Vault 7 WikiLeaks data dump — a massive collection of CIA hacking tools, released to the public — the NSA exploits showed that government agencies aren’t able to prevent their cyber weapons from leaking to the public. 

“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” wrote Smith.   

Meanwhile — despite a temporary “kill switch” measure developed by a couple of young experts —  a second wave of the attack is expected to occur Monday, as many companies’ employees arrive at work and start turning on their computers. 
