{"id":92346,"date":"2017-05-15T12:01:06","date_gmt":"2017-05-15T11:01:06","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=92346"},"modified":"2017-05-15T10:55:17","modified_gmt":"2017-05-15T09:55:17","slug":"leaked-nsa-malware-is-helping-hijack-computers-around-the-world","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/05\/leaked-nsa-malware-is-helping-hijack-computers-around-the-world\/","title":{"rendered":"Leaked NSA Malware Is Helping Hijack Computers around the World"},"content":{"rendered":"<div id=\"attachment_92347\" style=\"width: 710px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy.gif\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-92347\" class=\"wp-image-92347\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy-1024x512.gif\" alt=\"\" width=\"700\" height=\"350\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy-1024x512.gif 1024w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy-300x150.gif 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy-768x384.gif 768w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><p id=\"caption-attachment-92347\" class=\"wp-caption-text\">Illustration: The Intercept. 
Getty Images<\/p><\/div>\n<p><em>12 May 2017 &#8211; <\/em>In mid-April,\u00a0an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was <a target=\"_blank\" href=\"https:\/\/theintercept.com\/2017\/04\/14\/leaked-nsa-malware-threatens-windows-users-around-the-world\/\" >leaked<\/a> by an entity known only as the \u201cShadow Brokers.\u201d Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.<\/p>\n<div id=\"attachment_92348\" style=\"width: 710px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy2.jpg\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-92348\" class=\"wp-image-92348\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy2.jpg\" alt=\"\" width=\"700\" height=\"525\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy2.jpg 1000w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy2-300x225.jpg 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy2-768x576.jpg 768w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><p id=\"caption-attachment-92348\" class=\"wp-caption-text\">An infected NHS computer in Britain. 
Gillian Hann<\/p><\/div>\n<p>The malware worm taking over the computers goes by the names \u201cWannaCry\u201d or\u00a0\u201cWanna Decryptor.\u201d It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin. At this point, one\u2019s computer would be rendered useless for anything other than paying said ransom. The price\u00a0rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or hackers) will\u00a0make the data permanently inaccessible (WannaCry victims will have a handy countdown clock\u00a0to\u00a0see exactly how much time they have left).<\/p>\n<p>Ransomware is not new; for victims, such an attack is normally a colossal headache. But today\u2019s vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly health care, communications infrastructure, logistics, and government entities.<\/p>\n<p>Reuters said\u00a0that\u00a0\u201chospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies,\u201d and that \u201cthe attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.\u201d<\/p>\n<p>The worm has also reportedly reached universities, a major Spanish telecom, <a target=\"_blank\" href=\"http:\/\/www.bbc.com\/news\/technology-39901382\" >FedEx<\/a>, and the <a target=\"_blank\" href=\"http:\/\/varlamov.ru\/2370148.html\" >Russian Interior Ministry<\/a>. 
In total, researchers have detected WannaCry infections <a target=\"_blank\" href=\"https:\/\/blog.avast.com\/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today\" >in over 57,000 computers<\/a>\u00a0across <a target=\"_blank\" href=\"https:\/\/securelist.com\/blog\/incidents\/78351\/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world\/\" >over 70 countries<\/a>\u00a0(and counting \u2014 these things move extremely quickly).<\/p>\n<p>According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as\u00a0MalwareTech told The Intercept, \u201cI\u2019ve never seen anything like this with ransomware,\u201d and \u201cthe last worm of this degree I can remember is Conficker.\u201d Conficker was a notorious Windows worm first spotted in 2008; it went on to <a target=\"_blank\" href=\"http:\/\/www.nytimes.com\/2009\/01\/23\/technology\/internet\/23worm.html\" >infect over 9\u00a0million computers in nearly 200 countries<\/a>.<\/p>\n<p>Most importantly, unlike previous massively replicating computer worms and ransomware infections, today\u2019s ongoing WannaCry attack appears to be based on\u00a0an attack developed by the NSA, code-named ETERNALBLUE. The U.S. software weapon would have allowed the spy agency\u2019s hackers to break into potentially millions of Windows computers by exploiting a <a target=\"_blank\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\" >flaw<\/a> in how certain versions of Windows implemented a network protocol commonly used to share files and to print. 
Even though Microsoft fixed\u00a0the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in government) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them \u2014 but from the moment the agency lost control of its own exploit last summer, there\u2019s been no such assurance. Today shows exactly what\u2019s at stake when government hackers can\u2019t keep their virtual weapons locked up. As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, \u201cI am actually surprised that a weaponized malware of this nature didn\u2019t spread sooner.\u201d<\/p>\n<div id=\"attachment_92349\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy3.png\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-92349\" class=\"wp-image-92349\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy3.png\" alt=\"\" width=\"600\" height=\"449\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy3.png 540w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/05\/ransomware-cyberattack-nsa-big-brother-surveillance-spy3-300x224.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><p id=\"caption-attachment-92349\" class=\"wp-caption-text\">Screenshot of an infected computer via Avast.<\/p><\/div>\n<p>The infection will surely reignite arguments over what\u2019s known as the Vulnerabilities Equity Process, the decision-making procedure used to 
decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto\u2019s Citizen Lab, told The Intercept plainly: \u201cToday\u2019s ransomware attack is being made possible because of past work undertaken by the NSA,\u201d and that \u201cideally it would lead to more disclosures that would improve the security of devices globally.\u201d<\/p>\n<p>But even if the NSA were more willing to divulge its exploits rather than hoarding them, we\u2019d still be facing the problem that too many people really don\u2019t seem to care about updating their software. \u201cMalicious actors exploit years-old vulnerabilities on a routine basis when undertaking their operations,\u201d Parsons pointed out. \u201cThere\u2019s no reason that more aggressive disclosure of vulnerabilities through the VEP would change such activities.\u201d<\/p>\n<p>A Microsoft spokesperson provided the following comment:<\/p>\n<p>Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. 
We are working with customers to provide additional assistance.<\/p>\n<p style=\"padding-left: 30px;\"><strong>Update: May 12, 2017, 3:45 p.m.:<\/strong><\/p>\n<p style=\"padding-left: 30px;\"><em>This post was updated with a comment from Microsoft.<\/em><\/p>\n<p style=\"padding-left: 30px;\"><strong>Update: May 12, 2017, 4:10 p.m.:<\/strong><\/p>\n<p style=\"padding-left: 30px;\"><em>This post was updated with a more current count of the number of\u00a0affected countries.<\/em><\/p>\n<p><em>________________________________________<\/em><\/p>\n<p><em>Related:<\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2017\/04\/leaked-nsa-malware-threatens-windows-users-around-the-world\/\" >Leaked NSA Malware Threatens Windows Users around the World<\/a><\/em><\/p>\n<p><em><a href=\"https:\/\/www.transcend.org\/tms\/2016\/08\/the-nsa-leak-is-real-snowden-documents-confirm\/\" >The NSA Leak Is Real, Snowden Documents Confirm<\/a><\/em><\/p>\n<p style=\"padding-left: 30px;\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/03\/sam-biddle-staff-e1492275425120.jpg\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-89314\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/03\/sam-biddle-staff-e1492275425120.jpg\" alt=\"\" width=\"100\" height=\"100\" \/><\/a><em><a target=\"_blank\" href=\"https:\/\/theintercept.com\/staff\/sambiddle\/\" >Sam Biddle<\/a> &#8211; <a href=\"mailto:sam.biddle@theintercept.com\">\u2709 sam.biddle@\u200btheintercept.com<\/a><\/em><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/theintercept.com\/2017\/05\/12\/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world\/\" >Go to Original \u2013 theintercept.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>12 May 2017 &#8211; In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers 
was leaked by an entity known only as the \u201cShadow Brokers.\u201d Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[216],"tags":[],"class_list":["post-92346","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/92346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=92346"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/92346\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=92346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=92346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=92346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}