(How bad could this get? Prelude for an even bigger attack?)Cyber attack latest: Vladimir Putin blames US for hack as thousands more computers hit by ransomware

Putin, NHS hack
Putin blamed the US for creating tools to exploit Microsoft flaw and denies Russian involvement in the hack

Vladimir Putin has blamed the US for the global cyber attack that has crippled computer systems around the world since Friday.

The cyber attack, which wreaked havoc at dozens of NHS trusts on Friday, has continued to spread, hitting thousands of computers in China and Japan.

Putin said Russia had “nothing to do” with the attack and blamed the US for creating the hacking software that affects Microsoft computers.

“Malware created by intelligence agencies can backfire on its creators,” said Putin, speaking to media in Beijing. He added that global leaders needed to discuss cyber security at a “serious political level” and said the US has backed away from signing a cyber security agreement with Russia. 

Authorities fear a second wave of the “WannaCry” ransomware could hit systems as people return to work and switch on their computers on Monday morning.

Japanese computer experts said around 2,000 PCs had been affected while the Chinese news agency Xinhua reported that almost 30,000 had been hit.

Authorities had warned of a day of chaos ahead of Monday, with the National Cyber Security Centre saying that existing infections could spread through computer systems.

Cyber attack: ransomware explained

NHS systems appeared to be largely up and running on Monday, although seven out of the 47 trusts hit by last week’s attack are still seeking emergency support, according to NHS Digital.

Patients are being warned of slow service at surgeries, but patient data does not appear to have been compromised. The Home Secretary Amber Rudd will hold a meeting of the emergency COBRA committee later today.

The WannaCry ransomware, which locks computer systems and demands $300 (£230) in Bitcoin, hit over 200,000 computers on Friday and the impact continued to be felt across the weekend. Around £33,000 in ransoms have been paid to date, according to analysis of Bitcoin wallets.

On Sunday night, Microsoft slammed the US spy agency that had originally developed software that allowed the ransomware attack to infect computers. The “Eternal Blue” tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the Shadow Brokers.

It was then used by the still-anonymous cyber criminals to infect PCs with Friday’s ransomware.

“The governments of the world should treat this attack as a wake-up call,” In a statement, Microsoft president Brad Smith said. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even with older versions of Windows.

Auto update

On

1:26pm

Jeremy Hunt: No second wave of attacks

The Health Secretary has made his first public statement since last Friday’s attack.

He told BBC News:

I have this morning been briefed by GCHQ and the National Cyber Security Centre. According to our latest intelligence we have not seen a second wave of attacks and the level of criminal activity is at the lower end of what we had anticipated.

But the message is very clear, not just for organisations like the NHS but for private individuals and businesses: although we have never seen anything on this scale with regards ransomware attacks they are relatively common and there are things that you can do, all of us can do to protect ourselves against them.

In particular making sure data is properly backed up and making sure that we are using the software and antivirus patches that are sent out by manufacturers. These are things we can all do to reduce the impact of what we have seen in the last 48 hours.

Health Secretary Jeremy Hunt
Health Secretary Jeremy Hunt CREDIT: PA
1:19pm

Are new strains of WannaCry emerging?

The original ransomware was effectively neutered on Friday night after a British security expert bought the domain name that acted as a “kill switch”

However, new strains of the virus appear to have emerged over the weekend, with other cyber criminals seeking to make money by exploiting vulnerable systems.

Matthieu Suiche dealt with the first by registering a new killswitch address.

Since registering the 2nd killswitch yesterday, we stopped ~10K machines from spreading further – mainly from Russia.

However, the second, found by security company Kaspersky, does not have a killswitch at all, making it difficult to disable.

This second version does not seem to work, but it suggests hackers are trying to create a strain that cannot be so easily disabled.

12:24pm

NHS trusts ignored warning last month to upgrade systems

Dozens of NHS trusts fell victim to ransomware after failing to upgrade their systems despite a warning from NHS Digital, Sky News reports.

NHS Digital has said it told NHS trusts to upgrade their systems last month or risk falling victim to a cyber attack. The warning came after hackers leaked details of a Microsoft vulnerability stolen from the NSA.

The security patch could have prevented the ransomware attack from spreading across NHS computer systems.

NHS Digital has told Sky News NHS England trusts were sent details of security patch last month that would have prevented ransomware attack

11:24am

Renault shuts one of largest factories

Henry Samuel, our correspondent in Paris, says Renault has shut one of its largest factories in France as a “preventative measure”. Here’s his full dispatch:

One of carmaker Renault’s biggest factories in France remained closed on Monday as a “preventative” measure in the wake of the global cyberattack.

Renault had to temporarily lay off 3,500 staff at their Douai factory in northern France, giving them a collective holiday on Monday while they try and limit damage to the factory’s computers, which run into hundreds of terminals.

Unions were warned on Sunday.

The company gave no details on the degree to which the plant was affected by the malware.

“Our IT teams are working at the site today, along with logistics to maintain supply, and they will do everything possible to secure the site so that work can start up again tomorrow,” said a spokesman.

The work is “essentially preventative but requires great vigilance,” he said.

The Douai factory employs 5,500 staff and produces Talisman, Scenic and Espace vehicles.

A spokesman for Renault told AFP that production would start up again on Tuesday and that 90 per cent of the group’s factories were running as normal worldwide in the wake of the attack.

Two unspecified sites were not currently running abroad, he added.

The carmaker had earlier halted production at sites in France and Romania to prevent the spread of ransomware.

11:20am

Theresa May says Government warned the NHS about possible attack

Theresa May has denied accusations that the Government failed to alert the NHS about a possible cyber attack despite warnings from security experts.

“Clear warnings were given to hospital trusts,” said May, speaking at an event in Oxfordshire. “But this is not something that focused on attacking the NHS here in the UK.”

11:04am

Vladimir Putin blames US for hack

Vladimir Putin has blamed the US for causing the global cyber attack. He said Russia had “nothing to do” with the cyber attack, adding that the US had indirectly caused it by creating the Microsoft hack in the first place.

“Malware created by intelligence agencies can backfire on its creators,” said Putin, speaking to media in Beijing.

He added that the attack didn’t cause any significant damage to Russia. Russian security firm Kaspersky said hospitals, police and railroad transport had been affected in the country. Another report suggested Russia was one of the worst hit locations.

Putin said:

As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States.

Once they’re let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators.

So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena.

10:53am

Health Secretary refuses to answer questions on NHS negligence

Jeremy Hunt was asked whether he had ignored warnings about NHS IT security as he left his house this morning.

The Health Secretary, who has been criticised over his lack of public statements over the attack, declined to answer any questions.

Hunt silent over alleged inaction on NHS systems

00:24

 

10:17am

Universities, police and petrol stations hit in China

Here’s a dispatch from Neil Connor in Beijing:

More than 4,000 educational organisations were among the 30,000 ‘institutions’ to have been paralysed by the global cyberattack, which is known as Wanna Decryptor ransomware, or WannaCry, Qihu 360, an anti-virus software firm said.

Reports in China said more than 20,000 petrol stations operated by China National Petroleum Cooperation could only process cash payments because of Internet issues over the weekend.

The National Business Daily reported on Monday that the company’s computers went down at 1pm on Saturday, with 80 percent of the systems returning to normal by midday on Sunday.

“Petro China has taken emergency measures to cope with WannaCry ransomware attacks,” a company official told the media outlet.

Chinese media also cited university students complaining about pop-ups appearing on their computers which demanded ransom payments, or else they would lose all their documents.

Wu Xingyong, an official from Yunnan Agricultural University, in south-west China, told thepaper.cn that eight students had been hit by the attack.

Other reports said breaches had occurred at Hangzhou Normal University, Shandong University and Jiangsu University in eastern China.

Beijing’s Tsinghua and Peking Universities, and Guilin University Of Electronic Technology were also affected.

Police officers in Shandong province were forced to unplug all of their computers when the cyber attack struck, reports said.

A Chinese expert criticised the United States over the breach, following suggestions by researchers that it used hacking tools developed by the US National Security Agency.

Qin An, director of the China Institute of Cyberspace Strategy, told the Global Times newspaper that the attack “again reminds the world of the great harm the US’ network hegemony and its network weapons can bring about.”

Cybersecurity is one of the most contentious issues between the US and China.

10:08am

‘Limited blood tests and no x-rays’

Patients still being turned away here at Barts in East London due to . More on @BBCNewsbeat 1245

 

10:04am

‘Significant delays’ at A&E

The Royal London Hospital in Whitechapel is continuing to report “significant delays” due to IT problems.

Outside the Royal London Hospital
Outside the Royal London Hospital CREDIT: PAUL GROVER/TELEGRAPH

 

9:55am

Surgeries turning away patients

At a GP in East London and people are being turned away. Unclear if they’re infected or if it is linked to nearby hospital issues.

This is in Barts Health area. Receptionists are saying systems are down… People getting kinda angry. https://twitter.com/iblametom/status/864039222621163520 

 

9:40am

Boris weighs in

From the Press Association:

Arriving in Brussels for a meeting of EU foreign ministers, Foreign Secretary Boris Johnson said: “Cyber-security is a huge issue for all of us in all our countries.

“It’s not specifically on the agenda today, but a huge amount of work goes on between the UK Government and all our friends and partners around Europe, and indeed in the United States, where they are now stepping up their precautions against cyber attacks of these kinds.”

9:16am

Hackers have made £33,000

Bitcoin, the digital currency that the ransomware hackers demanded payments in, is anonymous but not quite untraceable. We are able to follow transactions into the online wallets set up by the hackers.

This Twitter bot is tweeting live updates on the payments. At present, they total 24.75 bitcoins, or £33,600.

The three bitcoin wallets tied to ransomware have received 151 payments totaling 24.75899797 BTC ($42,640.91 USD).

 

8:57am

Amber Rudd to hold COBRA meeting

The Home Secretary will chair another emergency Cobra meeting to discuss the cyber attack on the NHS later today.

 

8:56am

22-year-old cyber hero revealed

The spread of the “WannaCry” ransomware was limited over the weekend after a quick-thinking IT expert registered the “kill switch” web domain found deep in the software’s code.

22-year-old Marcus Hutchins now says he is working with GCHQ to try and fend off another attack.

Marcus Hutchins has been credited with stopping the ransomware attack 
Marcus Hutchins has been credited with stopping the ransomware attack

 

8:20am

Jeremy Hunt spotted

The Health Secretary Jeremy Hunt was mysteriously silent over the weekend, with the Home Secretary Amber Rudd left to field questions about Friday’s attack and the NHS’s security.

Here’s Mr Hunt’s last tweet, for example:

Thanks for warm welcome and delicious coffee at the excellent Little Barn cafe in Elstead – great asset for community

 Mr Hunt was accused of ignoring warnings over NHS security, with many trusts running unpatched systems or continuing on Windows XP.

The Health Secretary has now been spotted leaving for work on his bicycle.

Jeremy Hunt leaving home
CREDIT: LONDON NEWS PICTURES LTD.
Jeremy Hunt leaving home
CREDIT: LONDON NEWS PICTURES LTD.

 

7:34am

Microsoft: ‘This is a wake-up call’

Embarrassingly for the US government, Friday’s attack can trace its way back to the US spy agency. The National Security Agency’s “Eternal Blue” tool, built to spy on enemy computers, helped spread the WannaCry ransomware tool by exploiting a flaw in Windows systems that had not been patched, including the obsolete Windows XP.

We need collective action to apply the lessons from last week’s cyberattack. And we need it now. https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0001gnysbhjsod01z7q11hvz0xg2d 

The need for urgent collective action to keep people safe online: Lessons from last week’s cybera…

Early Friday morning the world experienced the year’s latest cyberattack. Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking…

blogs.microsoft.com

Microsoft had released a patch in March, but many organisations had not updated, and it was not until Saturday that a patch for XP was released.

Microsoft attacked the US government on Sunday for building the Eternal Blue tool.

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.

7:16am

NCSC warns of further ransomware attacks

Here’s the latest from the National Cyber Security Centre:

Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind.  But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

 

7:15am

Surgeries face ‘Monday meltdown’

Good morning. Patients are being warned this morning not to visit their GPs  amid fears that the fallout from the NHS cyber attack could continue.

Official advice from the health service says that patients should continue to visit surgeries if they have an appointment, but warns that services should be slower than usual and urged to seek other options if possible.

Seven out of the 47 trusts hit by last week’s attack are still seeking emergency support, NHS Digital has said.

Latest guidance for the NHS on protecting against cyber attack issued by @NHSDigital http://ow.ly/7Bzw30bIbtH 

Latest guidance for NHS on protecting against cyber attack

14 May 2017: Get the latest information and guidance from NHS Digital’s Data Security Centre on the cyber attack on the NHS on 12 May 2017.

digital.nhs.uk

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s