Monday, 29 May, 2017

Cyber attack 'wake-up call for governments — Microsoft chief

British hospitals, Spanish firms among targets of huge cyberattack 'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
Sherri Watson | 17 May, 2017, 14:22

French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania, while FedEx said it was "implementing remediation steps as quickly as possible". Users are confronted with a screen demanding a $300 payment to restore their files. Seven of the 47 affected trusts were still having IT problems Monday. He added that the rate of infection has slowed over the weekend. The hackers exploited software code from the National Security Agency that leaked online. Do not enable macros, cybersecurity company Symantec says.

"When you are talking about patching with large corporations, it's not a question of do we patch or do we not patch", said John Miller, head of Threat Intelligence at security firm FireEye. But Villasenor said there is "no flawless solution" to the problem.

The full extent of the attack won't become fully clear until later today when users will inadvertently click on infected email attachments or bad link which could spread the virus.

Data privacy lawyer Edward McAndrew from Ballard Spahr told Reuters that businesses could be sued if they failed to deliver services because of the attack. Even before Friday's attack, all those who updated systems were largely protected from it. "On China's most prestigious college campuses, students reported being locked out of their final papers". Banks and other institutions had the time to update their systems.

If you are using an "obsolete" operating system like Windows XP, pay to convert to Windows 10.

"The recent attack is at an unprecedented level and will require a complex worldwide investigation to identify the culprits", it said in a statement. It then demands ransom amounts, payable in untraceable Bitcoin, that escalate as the time from infection increases, doubling after three days.

The identity of whoever deployed the software remains unknown.

When the National Security Agency lost control of the software behind the WannaCry cyberattack, it was like "the US military having some of its Tomahawk missiles stolen", Microsoft President Brad Smith says, in a message about the malicious software that has created havoc on computer networks in more than 150 countries since Friday.

Smith compared the NSA losing track of its cyber weapon to the US military having Tomahawk cruise missiles stolen.

By March, Microsoft had developed and distributed security fixes for the vulnerability.

Microsoft itself is unlikely to face legal trouble over the flaw in Windows being exploited by WannaCry, according to legal experts.

The ransomware encrypts data on the computer using an encryption key that only the attacker knows.

It's hard not to engage in a bit of victim-blaming in this situation, especially because security experts say the attacks could have been prevented.

However, a kink in the hackers' plan happened when a cyber security expert in the United Kingdom accidentally stopped the hack by registering a domain the ransomware was trying to connect to, but that doesn't mean the whole thing can't be restarted with a few code changes. Activating the domain worked as a kill switch for the malware.

Ensure that anti-virus/anti-malware is up to date and functioning.

New variants of the rapidly replicating malware were discovered Sunday.

Vernick said businesses that failed to update their software could face scrutiny from the U.S. Federal Trade Commission, which has previously sued companies for misrepresenting their data privacy measures.

Dore said companies that faced disruptions because they did not run the Microsoft update or because they were using older versions of Windows could face lawsuits if they publicly touted their cyber security.

Keep all the software on your computer up-to-date. And remember that any account can be compromised. "Stay away from file extensions like ".exe", ".vbs" and ".scr".