HEALTH COACH - What we know and do not know about the international cyberattack


■ In total, more than 45,000 attacks were recorded in 74 countries. Russia was the worst hit, followed by Ukraine, India and Taiwan, according to Kaspersky Lab, a Russian cybersecurity firm. FedEx, the British National Health Service and the Russian Ministry of the Interior are among the companies and government agencies affected.




What we know

■ Cybersecurity experts have identified the malware as a variant of ransomware known as WannaCry. Workers in hospitals and businesses around the world were confronted with a message on their monitors that read "Oops, your files were encrypted!" and demanded $300 in Bitcoin, an anonymous digital currency preferred by criminals, to restore access.

■ The hackers appeared to have exploited a flaw in the Microsoft Windows operating system that was first discovered by the US National Security Agency. The flaw, and a tool for exploiting it with malware, were made public in April by a group of hackers known as Shadow Brokers.

■ Microsoft released a new patch for its Windows software after the attack.

■ At least 45 British hospitals and other medical facilities appeared to be the most affected by the attacks, which prevented doctors from accessing patient records and caused emergency rooms to divert patients. Prime Minister Theresa May said there was no evidence that patient data had been compromised.


■ Companies such as Deutsche Bahn, the German transportation giant; Telefónica, a Spanish telecommunications company; and Renault, the French automaker, said some of their systems had been hit, although no major breakdown was reported in the region's transport or telecommunications networks.


■ The Russian Interior Ministry confirmed in a statement that 1,000 of its computers had also been affected.


■ The Chinese online security company Qihoo 360 issued a warning about the virus, saying that many networks had been affected and that some computers used to mine Bitcoin in China were among those infected.



■ A FedEx spokesman said: "Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malicious software."

■ Reports last year revealed that some public hospitals in Great Britain had not devoted much attention to cyber defense and had outdated software on their systems.


What is Ransomware?

■ In a typical attack, hackers send their victims an e-mail message that includes a link to what appears to be an innocuous web address or an innocuous-looking e-mail attachment. In this case, the attackers seem to have sent their victims encrypted .zip files, which are intended to make it more difficult to detect their harmful purpose.


■ Victims who click on this attachment quickly find their computers infected. The program encrypts files, folders and drives on the computer, and potentially on all the networks to which it is connected. "Users and organizations are generally unaware that they have been infected until they can no longer access their data or until they start to see computer messages informing them of the attack and requesting a ransom payment in exchange for a decryption key," according to the FBI.

■ Messages received by victims include instructions to pay the assailants a ransom. Payment is usually requested, as in the latest group of attacks, in Bitcoin.


■ A Los Angeles hospital was also attacked in February last year and paid a Bitcoin ransom equivalent to about $17,000 to hackers who used malware to hold its computer system hostage.

How was the attack curbed?

■ The attackers, who have not yet been identified, included a "kill switch" in their attack, a way to disable the malicious software in case they wanted to shut down their activities. To do this, the attackers included code in the ransomware that would stop it from spreading if an online request the malware sent to a specific website, such as one created by the attackers, succeeded.


■ When the 22-year-old British researcher whose Twitter handle is @MalwareTechBlog saw that the kill switch's domain name was not registered, he bought it himself. By making the site live, the researcher inadvertently stopped the attack before it could spread fully to the United States, according to experts. (He confirmed his involvement and wrote a blog post about it, but insisted on anonymity because he did not want public scrutiny.)

■ "The kill switch is why the United States has not been affected so far," said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. "But this is only temporary. All the attackers would have to do is create a variant of the hack with a different domain name."
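For defenders, the kill-switch behaviour described above leaves a trace: an infected machine has to look up that domain before it can send its request. The following is an added example, not part of the original article, that scans resolver logs for such lookups and lists first the hosts whose lookup failed. The log format, the sample lines and the domain `kill-switch-domain.example` are constructed placeholders, since the article does not name the real domain.

```python
import re
from collections import defaultdict

# Placeholder: the article does not name the kill-switch domain.
KILL_SWITCH_DOMAIN = "kill-switch-domain.example"

# Constructed sample lines in a hypothetical resolver log format:
#   <timestamp> client=<ip> query=<name> rcode=<DNS response code>
SAMPLE_LOG = """\
2017-01-01T08:01:10Z client=10.0.4.17 query=www.example.org rcode=NOERROR
2017-01-01T08:02:31Z client=10.0.4.17 query=kill-switch-domain.example rcode=NXDOMAIN
2017-01-01T15:20:02Z client=10.0.9.3 query=Kill-Switch-Domain.example. rcode=NOERROR
2017-01-01T15:21:44Z client=10.0.4.17 query=kill-switch-domain.example rcode=NOERROR
2017-01-01T15:30:00Z client=10.0.7.8 query=notkill-switch-domain.example rcode=NOERROR
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) rcode=(?P<rcode>\w+)$"
)

def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the domain to its lookup statistics."""
    target = domain.lower().rstrip(".")  # DNS names are case-insensitive
    hits = defaultdict(lambda: {"first_seen": None, "lookups": 0, "unanswered": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["query"].lower().rstrip(".") != target:
            continue  # malformed line or unrelated query (exact match only)
        rec = hits[m["client"]]
        rec["lookups"] += 1
        if rec["first_seen"] is None or m["ts"] < rec["first_seen"]:
            rec["first_seen"] = m["ts"]
        if m["rcode"].upper() != "NOERROR":
            rec["unanswered"] += 1  # lookup failed, so the request could not succeed
    return dict(hits)

def triage(hits):
    """Order clients for response: failed lookups first, then earliest first_seen."""
    return sorted(hits, key=lambda c: (hits[c]["unanswered"] == 0, hits[c]["first_seen"]))

if __name__ == "__main__":
    found = find_kill_switch_lookups(SAMPLE_LOG)
    for client in triage(found):
        print(client, found[client])
```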

