Ensure that the computer is safe | MS17-010 | WannaCrypt0r

According to the Washington Post, hackers attacked the National Health Service (NHS), causing the entire system to be shut down. Patients were told to stay at home, and doctors and nurses, unable to access e-mail or medical records, had to keep records by hand.



WannaCrypt0r
The extortion takes the form of a ransom, paid in virtual currency. But by the afternoon of the 12th, it was clear that the cyber attack was not limited to the UK. Companies and institutions in 99 countries reported similar attacks, and many networks were largely paralyzed. Many details are still unclear, but here we summarize the latest information on the current global ransomware outbreak:
  1. How does ransomware work?
As its name suggests, it works like a kidnapping for ransom. Once your computer is infected, you will notice two things. First, your files are encrypted, or converted into another form that only the hackers can decrypt. Second, you often do not know that you have become a target until you try to open a file.
The devastating version that appeared on the 12th can lock your entire system. In the British outbreak, the computer screen displayed a demand for 300 US dollars' worth of bitcoin in exchange for the decryption key that unlocks the files. The victim has three days to consider whether to pay the ransom; after 3 days the ransom amount doubles. The attack was similar to the one on a Los Angeles hospital a month ago, in which the hospital was forced to pay $17,000 in ransom and the hackers set up a helpline to answer questions about the ransom.
The attack relies on the so-called Wanna Decryptor, which is also known as WannaCry or WCRY. These attacks are particularly difficult to detect, mainly because hackers are always adjusting them. Wanna Decryptor has only been in use for weeks and has just gone through an upgrade. The ransomware attack on the NHS looks like WannaCry. The same malware also attacked Telefonica and other large organizations in Spain.
  2. How is a computer infected?
In many ways. If you download infected software or PDF files, hackers can plant ransomware on your system. They can also use phishing emails, or send you directly to infected sites.
In this case, the hackers sent a compressed file as an attachment to an e-mail message. When a victim clicks on it, their computer is infected. But the attack does not stop there; the ransomware spreads through the hospital’s or the company’s computer network. “When malware gets a foothold in your system, other users will start running the software,” said Clifford Neuman, head of the Computer Systems Security Center at the University of Southern California.
  3. Does it have anything to do with Snowden?
We are not sure, but the hackers appear to have taken advantage of a vulnerability in the Microsoft operating system. A few months earlier, Microsoft had already learned of the vulnerability and released a patch, but many companies and organizations seem to have been too slow to update their operating systems, because they must assess the impact of updates on other software. In addition, Microsoft is aware of this vulnerability because it was used by US National Security Agency (NSA) contractor Edward Snowden. Evidently, the US intelligence agencies themselves have used this flaw.
  4. Who is behind the attack?
Investigators are looking for clues, but so far they know little about who developed this malware behind the scenes. They think it may be the work of criminals, with no foreign powers involved. Investigators have learned that the original hacking tool was leaked by a group named Shadow Brokers, which exposed tools stolen from the NSA online. But it is not clear who Shadow Brokers ultimately are, or whether its hackers launched the attack.
  5. Who is most affected?
(Yellow marks the affected countries, while red marks those considered most affected, including Russia and Ukraine.)
The UK NHS is one of the main victims of the Wanna Decryptor malware. In the UK, more than 40 hospitals and medical institutions are affected; many medical staff are locked out of their computers and cannot access patient medical records, appointment schedules or internal e-mail. The impact is very large: hospitals have warned patients to stay at home except in a medical emergency. Hospitals in Scotland and Wales are also affected. But investigators quickly realized that the NHS was not the only (or even a deliberate) victim. The scope of the attack is quite extensive, and many companies and institutions in the UK are affected.
At the same time, the Spanish intelligence agency NCC reported “large-scale extortion attacks.” At Telefonica, a Spanish telecommunications company in Madrid, security staff asked all employees to shut down their computers and stay offline.
In addition, the British newspaper The Independent reported that the attack had spread throughout the world, including Portugal, Turkey, Indonesia, Vietnam, Japan, Germany and Russia. “The target is not limited to NHS,” said Travis Farral, director of security strategy at Anomali Labs, a network security company. “Spain and Russia seem to be the most important.”
By the afternoon of the 12th, FedEx in the United States had also confirmed that its systems had fallen victim to the ransomware attack.
  6. How can the attackers be caught?
It is difficult, but not impossible, to track an attacker in such an attack. One way is to follow the ransom, since it is possible to track the whereabouts of the bitcoin. “Although some people may think that this tracking is very viable because you can see the flow of funds through the bitcoin system, that does not mean that you can eventually know who,” said Neuman, director of the Computer Systems Security Center at the University of Southern California. “They have a lot of different ways to hide the information.”
Experts are also searching the code itself for clues. Every hacker writes code in a different way, and it is much like a handwritten note.
  7. How can I make sure the computer is safe?
First, you need to back up your hard drive. You should always keep backups in any case, to protect against the computer crashing. But if your computer is attacked and you have a backup, you may be able to retrieve your data without paying the ransom.
Second, if you run a company, back up the data on all the computers in the office and develop an emergency plan for a crash of the computer system. In addition, you need to set up the network carefully so that most users cannot access your systems. For ransomware attacks, this makes infection more difficult. Finally, make sure your users are vigilant against such attacks.
