MSNBC: huge hacking attack spreading across Europe and Asia

They just reported this live. They say that it involves ransomware and may be related to an earlier leak of NSA software.

The British health system is affected and patients’ records can’t be accessed.

CNN has an online report.

Here’s the Ars Technica report:

Summary: It’s a new and virulent strain of Wanna Decryptor that uses a vulnerability exposed in April by the group known as the Shadow Brokers after an NSA leak; Microsoft issued a patch in March.

Loads of companies and orgs won’t have patched against this yet. Hey ho.

Wonder why intelligence services can’t track the money.

Today, my work address received an email from “IT Security” directing me to it-security-group. com [link broken-ITD] so they can test the complexity of my passwords or risk being locked out of my work computer. I wonder if that’s related.

Note: the real IT Security people where I work have blocked it-security-group. com [link broken] as phishing.

ETA: my personal address was also the recent target of a phishing attempt regarding Google Chrome.

Usually the ransom has to be paid in Bitcoin. Bitcoin can sometimes be traced but apparently they’ve found ways to launder it.

I went ahead and broke the links, so no one accidentally follows them without realizing what they are.

Pennsylvania Democrats hit with ransomware threat.

This is how the end of the world is going to start, isn’t it?

I guess this is a time to point people to my thread about finding anti-ransomware apps (from reputable anti-malware companies). I’m trying out the Malwarebytes one, since it promises to detect and stop any encryption before it happens.

As reported in that thread, backups can help. But the modern strains infect you for a while before they inform you you are infected, and deliberately try to corrupt your backups during that time, hoping you’ll overwrite your old backups. Plus, even if you have good backups, you can still be set back too far, as these bigger companies will notice.

So I do recommend that everyone use these things. I only wish I had a way of testing them properly, to see which one is best, and making sure they can stop this new strain.

Thanks. They weren’t active for me in Chrome, hadn’t occurred to me that they could be active in other browsers.

Imagine that this grows, crippling commerce and public services. Meanwhile the federal government is paralyzed by the current political crisis.

So yeah, this could be the end of the world.

Okay, not really. We’d probably muddle through somehow.

Please note, the Pennsylvania attack happened back in March. I didn’t realize that it was an old story. The European attack is current, and it linked to the PA story, leading me to think that the PA story was part of the current attack.

Wrong thread?

no u 😛

Hooray for Microsoft.
Woo-hoo.
Extra “hoo”.

Have they figured out how it originally spread? All the articles I’ve read say it spreads by some type of “phishing e-mail” and then infects other computers on the LAN using the NSA-leaked vulnerability in Windows. Nobody is saying what the original phishing e-mail looks like, and what you have to do with it to get infected (do you have to click on a link, or will just previewing the e-mail in Outlook infect the computer?).

The term “phishing” usually refers to an email made to look like something it isn’t (an email from your bank, for example), the intent being to get you to click on a link and go to a fake or malicious webpage, which either entices you to enter sensitive info (passwords, banking info, etc.), or is designed to exploit some security hole and install malware on your computer.

I assume in this case it was the second, directly installing malware without the victim’s knowledge.

The word is (from the people who have their heads around how it was done) that there could be another worldwide attack tomorrow.

The BMJ published this last Wednesday (10th May)