
Cyberattacks using leaked NSA hacking tool reported in 12 countries

UPDATE: Kaspersky reporting at least 74 countries affected.

Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Most of the attacks have targeted Russia.

The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. Researchers say it is spreading through a Microsoft Windows exploit called "EternalBlue," which Microsoft released a patch for in March. A hacking group leaked the exploit in a trove of other NSA spy tools last month.

"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."

Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.

Spanish authorities confirmed the ransomware is spreading through the EternalBlue vulnerability and advised people to patch.
"It is going to spread far and wide within the internal systems of organizations -- this is turning into the biggest cybersecurity incident I've ever seen," UK-based security architect Kevin Beaumont said.

Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is "the most significant factor" in the global outbreak.

Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections, although it won't do any good for machines that have already been hit.
He said it's likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.

"It has a 'hunter' module, which seeks out PCs on internal networks," Beaumont said. "So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies."
 


I wonder what Trump will say?

"Have you seen my election results!?"
 

enzo_gt

tagged by Blackace
Why do I feel like, despite the US sabotaging Iran's nuclear program, widespread astroturfing and social engineering during an important US election year, and a seeming increase in high profile institutions being hit with ransomware.. nobody is really taking cyberwarfare as serious as they seem to do in their press releases?

Or is cybersecurity just a shit show in general?
 
Why do I feel like, despite the US sabotaging Iran's nuclear program, widespread astroturfing and social engineering during an important US election year, and a seeming increase in high profile institutions being hit with ransomware.. nobody is really taking cyberwarfare as serious as they seem to do in their press releases?

Or is cybersecurity just a shit show in general?
Who's nobody? The cyber frontier is the most active right now. It's all the department of defense even cares about anymore. Our infrastructure is critically vulnerable and this stuff is hard.
 

Auctopus

Member
You can guarantee the recent UK legislation (the surveillance bill) on that subject won't be slowed down at all by this though.

Damn Tories.

This is what I was instantly reminded of. I remember when it passed, people were trying to explain when a plan like this is put in the hands of incapable people (i.e. The Tories). Sadly, this news will fall on deaf ears.
 
Then they wouldn't be doing their jobs? They're spies.
Their other task is to protect American communications infrastructure. If our hospitals are in danger or our allies' hospitals are in danger then this is a conflicting interest with harboring a tool of espionage.
 

shem935

Banned
Their other task is to protect American communications infrastructure. If our hospitals are in danger or our allies' hospitals are in danger then this is a conflicting interest with harboring a tool of espionage.

So are you arguing that they shouldn't have these tools in the first place or that they should protect them better? You seem to be doing both.
 
National incident declared in the NHS in UK

Major London and other hospitals' Emergency department computers have also been affected etc!!
 

low-G

Member
Wait, so it's the same ransomware everywhere?

Same ransomware via same exploit. This was a really obvious one for even someone who has the slightest knowledge of IT. Letting this one go through is idiotic.

I can't believe that none of the people in these companies thought it would be a problem. Unless they're cripplingly under-funded their entire staffs should be laid off.

And, if these companies don't want to literally go defunct, they need to invest hundreds of millions into actually making their systems and IT staff competent, because this could have actually been much, much worse.
 

ilium

Member
And so it begins.

Time to prepare for the worst, people. Gonna get my cyberdeck ready, catch up on the newest algorithm banks and hit the streets, hustle between all the cyberspace jockeys and data cowboys that will flood this new low world of high tech fast speed information brokering.
 

AndyD

aka andydumi
Same ransomware via same exploit. This was a really obvious one for even someone who has the slightest knowledge of IT. Letting this one go through is idiotic.

I can't believe that none of the people in these companies thought it would be a problem. Unless they're cripplingly under-funded their entire staffs should be laid off.

And, if these companies don't want to literally go defunct, they need to invest hundreds of millions into actually making their systems and IT staff competent, because this could have actually been much, much worse.

I think the issue is that hospitals and other sensitive areas take a while to validate fixes before deploying them widely. At least that's what the articles I read say.
 

Famassu

Member
Why do I feel like, despite the US sabotaging Iran's nuclear program, widespread astroturfing and social engineering during an important US election year, and a seeming increase in high profile institutions being hit with ransomware.. nobody is really taking cyberwarfare as serious as they seem to do in their press releases?

Or is cybersecurity just a shit show in general?
At least in Finland I've seen a lot of cybersecurity talk from different branches of government (and related parties in public & private sectors) in the past year or two.

Not sure how well they are handling things but the way it's talked about makes it seem like at least they try to take it seriously and consider cyberattacks one of the biggest modern threats outside of actual war waged with weaponry & shit.
 
So are you arguing that they shouldn't have these tools in the first place or that they should protect them better? You seem to be doing both.
I'm not arguing the latter at all, I'm saying they shouldn't have these tools in the first place and would better serve the country by reporting vulnerabilities wherever they occur. From attempting to submit faulty cryptographic algorithms to putting backdoors in consumer hardware and software to failing to disclose known vulnerabilities in critical infrastructure just for the purpose of having another back pocket tool against the poor sucker plebs that have no rights, the NSA consistently and uniquely undermine the cyber security of this country and the world.
 

Xando

Member
I think the issue is that hospitals and other sensitive areas take a while to validate fixes before deploying them widely. At least that's what the articles I read say.

I work on a helpdesk and we usually wait a week or two to roll out updates to see if they break something (unless it's major OS updates). Waiting months is not a good idea.
 

low-G

Member
I think the issue is that hospitals and other sensitive areas take a while to validate fixes before deploying them widely. At least that's what the articles I read say.

That may be true, but in today's environment that's literally impossible for them. They may believe they're checking that things are right, but that's like you or I doing a spot check on a secret spy satellite. Only good to wait a little while for non-critical fixes, this was a case where they were 100% guaranteed to be successfully attacked at ANY MOMENT. This attack was assured. When I first heard the news I took all my systems offline (before I even learned they were already patched).

This is the equivalent of having your limbs chopped off and shopping around for a 2nd and 3rd opinion while you bleed out.
 

Jezbollah

Member
Here is the real question.

How many other vulnerabilities do you think exist that have yet to be disclosed?

Have a happy night's sleep, sys admins :)
 

kirblar

Member
...it was WikiLeaks that unleashed a tool of destruction without notifying journalists or governments first because they think themselves agents of chaos.
They're not "agents of chaos", they're an arm of the Russian government. Hence they put something like this out in the open to get people pissed at the NSA for doing their jobs.
 

shem935

Banned
I'm not arguing the latter at all, I'm saying they shouldn't have these tools in the first place and would better serve the country by reporting vulnerabilities wherever they occur. From attempting to submit faulty cryptographic algorithms to putting backdoors in consumer hardware and software to failing to disclose known vulnerabilities in critical infrastructure just for the purpose of having another back pocket tool against the poor sucker plebs that have no rights, the NSA consistently and uniquely undermine the cyber security of this country and the world.

You are implicitly arguing for them when you say the NSA should be protecting this country. They can't do that without developing these tools, whether you like to admit it or not. Should they guard those tools better? Sure. But leaving our nation toothless in the face of attacks that will come regardless of how pure the NSA is in your eyes seems like folly.
 

Jezbollah

Member
They're not "agents of chaos", they're an arm of the Russian government. Hence they put something like this out in the open to get people pissed at the NSA for doing their jobs.

Just think of the heads up WikiLeaks gave Russia of these new fun tools they had access to?
 