“The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, homeland security adviser to President Donald Trump, wrote in a piece published on Monday night in the Wall Street Journal.

“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious,” Bossert wrote. “WannaCry was indiscriminately reckless.”

The White House was expected to follow up on Tuesday with a more formal statement blaming Pyongyang, according to a senior administration official.

The U.S. government has assessed with a “very high level of confidence” that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, said the official, who spoke on condition of anonymity to discuss details of the government’s investigation.

Lazarus Group is widely believed by security researchers and U.S. officials to have been responsible for the 2014 hack of Sony Pictures Entertainment that destroyed files, leaked corporate communications online and led to the departure of several top studio executives.

North Korean government representatives could not be immediately reached for comment. The country has repeatedly denied responsibility for WannaCry and called other allegations about cyber attacks a smear campaign.

Washington’s public condemnation does not include any indictments or name specific individuals, the administration official said, adding the shaming was designed to hold Pyongyang accountable for its actions and “erode and undercut their ability to launch attacks.”

The accusation comes as worries mount about North Korea’s hacking capabilities and its nuclear weapons program.

‘PATTERN OF MISBEHAVING’

Many security researchers, including the cyber firm Symantec , as well as the British government, have already concluded that North Korea was likely behind the WannaCry attack, which quickly unfurled across the globe in May to infect more than 300,000 computers in 150 countries.

Considered unprecedented in scale at the time, WannaCry knocked British hospitals offline, forcing thousands of patients to reschedule appointments and disrupted infrastructure and businesses around the world.

The attack originally looked like a ransomware campaign, where hackers encrypt a targeted computer and demand payment to recover files. Some experts later concluded the ransom threat may have been a distraction intended to disguise a more destructive intent.

FedEx’s computer networks were among the most heavily hit. The international shipper said in September it expected to sustain a $300 million profit hit as a result of the attack.

Some researchers have said they believed WannaCry was deployed accidentally by North Korea as hackers were developing the code. The senior administration official declined to comment about whether U.S. intelligence was able to discern if the attack was deliberate.

“What we see is a continued pattern of North Korea misbehaving, whether destructive cyber attacks, hacking for financial gain, or targeting infrastructure around the globe,” the official said.

WannaCry was made possible by a flaw in Microsoft’s Windows software, which was discovered by the U.S. National Security Agency and then used by the NSA to build a hacking tool for its own use.

In a devastating NSA security breach, that hacking tool and others were published online by the Shadow Brokers, a mysterious group that regularly posts cryptic taunts toward the U.S. government.

The fact that WannaCry was made possible by the NSA led to sharp criticism from Microsoft President Brad Smith and others who believe the NSA should disclose vulnerabilities it finds so that they can be fixed, rather then hoarding that knowledge to carry out attacks.

Smith said WannaCry provided “yet another example of why the stockpiling of vulnerabilities by governments is such a problem.”

U.S. officials have pushed back on those assertions, saying the administration discloses most computer flaws that government agencies detect.

Last month, the White House published its rules for deciding whether to disclose cyber security flaws or keep them secret as part of an effort to be more transparent about the inter-agency process involved in weighing disclosure.

The post U.S. blames North Korea for ‘WannaCry’ cyber attack appeared first on Citi 97.3 FM - Relevant Radio. Always.

The first weekend camp for offenders was held in Bristol this month as part of the National Crime Agency’s (NCA) work with young computer criminals.

Attendees learned about the responsible use of cyber-skills and got advice about careers in computer security.

If the trial proves successful, it will be rolled out across the UK.

The people picked to attend the residential weekend were known to police because they had been caught carrying out one or more computer crimes, said Ethan Thomas, an operations officer in the NCA’s Prevent team, which engages with young cyber-offenders.

‘Attacks, attacks, attacks’

Hundreds of fledgling cyber-criminals have been contacted by the NCA as part of its Prevent work. Some received letters warning them that their online activity had been spotted and some were visited at home by officers.

The seven young men attending the weekend camp had gone further than many the NCA is aware of. They had either been arrested, visited by officers because they were spotted using tools or techniques that break UK computer misuse laws or been cautioned by police because of offences committed at school.

They had been caught defacing websites, knocking servers offline and carrying out hack attacks that let them take over restricted networks.

One attendee said an early fascination with numbers and his accidental “hack” of a primary school network that locked everyone out of the system, got him hooked on computers.

The skills he built up were put to malicious use later on, he said, because they were a way to escape the bullying he suffered at school.

He used technical vulnerabilities to break into networks by exploiting vulnerabilities and used psychological tricks, known as social engineering, to force people to cough up details that helped him burrow further in.

“I manipulated people’s feelings and thoughts to my own advantage,” he said. “It was all attacks, attacks, attacks and nothing on the good side.”

One attack on a company website was done just for “mischief” but left the organisation behind it with a hefty bill as it struggled to recover.

“I didn’t mean to do it,” said the young man. “I had no intention to cause harm.”

The investigation into the attack led police to the teenager, who was then arrested. He was given a two-year suspended sentence along with a series of other conditions – one of which was to attend the weekend rehab event.

–

Source: BBC

The post Rehab camp aims to put young cyber-crooks on right track appeared first on Citi 97.3 FM - Relevant Radio. Always.

The malicious program demanded a payment to unlock files it scrambled on infected machines.

However, a growing number of researchers now believe the program was launched just to destroy data.

Experts point to “aggressive” features of the malware that make it impossible to retrieve key files.

Cashing out

Matt Suiche, from security firm Comae, described the variant as a “wiper” rather than straight-forward ransomware.

“The goal of a wiper is to destroy and damage,” he wrote, adding that the ransomware aspect of the program was a lure to generate media interest.

Although the Petya variant that struck this week has superficial similarities to the original virus, it differs in that it deliberately overwrites important computer files rather than just encrypting them, he said.

Mr Suiche wrote: “2016 Petya modifies the disk in a way where it can actually revert its changes, whereas, 2017 Petya does permanent and irreversible damages to the disk.”

Anton Ivanov and Orkhan Mamedov from Russian security firm Kaspersky Lab agreed that the program was built to destroy rather than generate funds.

“It appears it was designed as a wiper pretending to be ransomware,” they said.

Their analysis of the malware revealed that it had no way to generate a usable key to decrypt data.

“This is the worst case news for the victims,” they said. “Even if they pay the ransom they will not get their data back.”

A veteran computer security researcher known as The Grugq said the “poor payment pipeline” associated with the variant lent more weight to the suspicion that it was more concerned with data destruction than cashing out.

“The real Petya was a criminal enterprise for making money,” he wrote. “This is definitely not designed to make money.”

The Bitcoin account associated with the malware has now received 45 payments from victims who have paid more than $10,000 (£7,785) into the digital wallet.

The email account through which victims are supposed to report that they have paid has been closed by the German firm hosting it – closing off the only supposed avenue of communication with the malware’s creators.

Remote controls

Organisations in more than 64 countries are now known to have fallen victim to the malicious program.

The latest to come forward is voice-recognition firm Nuance. In a statement it said”portions” of its internal network had been affected by the outbreak. It said it had taken measures to contain the the threat and was working with security firms to rid itself of the infection.

The initial infection vector seems to be software widely used in Ukraine to handle tax payments and about 75% of all infections caused by this Petya variant have been seen in the country.

A government spokesman for Ukraine blamed Russia for starting the attack.

“It’s difficult to imagine anyone else would want to do this,” Roman Boyarchuk, head of Ukraine’s cyber-protection centre told technology magazine Wired.

Computer security researcher Lesley Carhart said the malware hit hard because of the way it travelled once it evaded digital defences.

Ms Carhart said the malware abused remote Windows administration tools to spread quickly across internal company computer networks.

“I’m honestly a little surprised we haven’t seen worms taking advantage of these mechanisms so elegantly on a large scale until now,” she wrote.

Using these tools proved effective, she said, because few organisations police their use and, even if they did, acting quickly enough to thwart the malware would be difficult.

The success of the Petya variant would be likely to encourage others to copy it, she warned.

“Things are going to get worse and the attack landscape is going to deteriorate,” said Ms Carhart.

–

Source: BBC

The post Cyber-attack was about data and not money, say experts appeared first on Citi 97.3 FM - Relevant Radio. Always.

The creation of a single file can stop the attack from infecting a machine.

However, researchers have not been able to find a so-called kill switch that would prevent the crippling ransomware from spreading to other vulnerable computers.

Experts are still unsure about the attack’s origins or its real purpose.

Given that the ransom amount – $300 – was relatively small, some are speculating that the attack may be a front for causing wider disruption or making a political statement.

Among the victims of the attack were the Ukrainian central bank, Russian oil giant Rosneft, British advertising firm WPP and the global law firm DLA Piper.

Also caught up in the attack was at least one hospital in the US city of Pittsburgh.

A perfc solution

But for those concerned about the attack there appears to be fix, albeit one with limited effectiveness.

By creating a read-only file – named perfc – and placing it within a computer’s “C:\Windows” folder, the attack will be stopped in its tracks.

An explanation of how to do this has been posted by security news website Bleeping Computer and has been backed up by several other security experts.

However, while this method is effective, it only protects the individual computer the perfc file is placed on. Researchers have so far been unable to locate a kill switch that would disable the ransomware attack entirely.

“Even though it will make a machine ‘immune’,” explained computer scientist Prof Alan Woodward, “It is still a ‘carrier’ (to use the biological analogy).

“It will still act as a platform to spread the ransomware to other machines on the same network.”

For the vast majority of users, simply running an up-to-date version of Windows will be sufficient to prevent the attack taking hold, were it to infect your PC.

The spread of this new ransomware is likely to be much slower than last month’s WannaCry attack, researchers predict, as code analysis showed the new attack did not attempt to spread itself beyond the network it was placed on.

Because of this, several experts are predicting that the attack will not spread significantly further than it did on Tuesday, unless it is modified.

“There is low risk of new infections more than one hour after the attack,” suggested the MalwareTech blog.

MeDoc fear

So how did it spread? Experts from Cisco’s Talos intelligence unit said it believed the attack may have been carried out by exploiting vulnerable accounting software.

“We believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc,” the company said in a blog post.

MeDoc initially posted an update to its website on Tuesday saying, in Russian, “Attention! Our server made a virus attack” – though this was later removed, and the company has since denied its software was exploited.

As reported on Tuesday, the method by which victims can pay the ransom fee has been rendered useless. An email address provided by the criminals has been shut down by the hosting provider, while the Bitcoin wallet – where ransoms are deposited – has not been touched.

At the time of writing, the wallet contains approximately $8,000-worth of Bitcoin, not a large return for such a significant and widespread attack.

These factors contribute to a now-prevailing theory that this was a politically motivated attack on Ukraine, coming as it did just as the country is set to celebrate its Constitution Day.

“This looks like a sophisticated attack aimed at generating chaos, not money,” said Prof Woodward.

–

Source: BBC

The post ‘Vaccine’ created for huge cyber-attack appeared first on Citi 97.3 FM - Relevant Radio. Always.

However staff beginning the working week have been told to be careful.

The WannaCry ransomware started taking over users’ files on Friday, demanding $300 (£230) to restore access.

Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call.

BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 (£29,400) had been paid by Monday morning.

However, the ransomware warning said that the cost would double after three days, so the payments may increase.

It threatens to delete files within seven days if no payment is made.

Among the organisations targeted worldwide have been Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry.

How has Monday been so far?

Many firms employed experts over the weekend to try to prevent new infections.

The picture now appears better in Europe.

Senior spokesman for Europol, Jan Op Gen Oorth, told Agence France-Presse: “The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success.

–

Source: BBC

The post WannaCry ransomware cyber-attacks slow but fears remain appeared first on Citi 97.3 FM - Relevant Radio. Always.

It blamed governments for storing data on software vulnerabilities which could then be accessed by hackers.

It says the latest virus exploits a flaw in Microsoft Windows identified by, and stolen from, US intelligence.

There are fears of more “ransomware” attacks as people begin work on Monday, although few have been reported so far.

Many firms have had experts working over the weekend to prevent new infections. The virus took control of users’ files and demanded $300 (£230) payments to restore access.

The spread of the virus slowed over the weekend but the respite might only be brief, experts have said. More than 200,000 computers have been affected so far.

But on Monday South Korea said just nine cases of ransomware had been found, giving no further details.

Australian officials said so far only three small-to-medium sized businesses had reported being locked out of their systems while New Zealand’s ministry of business said a small number of unconfirmed incidents were being investigated.

In Japan, both Nissan and Hitachi reported some units had been affected, while in China energy giant PetroChina said that at some petrol stations customers had been unable to use its payment system.

‘Like stealing Tomahawks’

A statement from Microsoft president and chief legal officer Brad Smith on Sunday criticised the way governments store up information about security flaws in computer systems.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” he wrote.

“An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”

He added: “The governments of the world should treat this attack as a wake-up call.”

The organisation also said that many organisations had failed to keep their systems up to date, allowing the virus to spread.

Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Mr Smith said.

–

Source: BBC

The post Ransomware cyber-attack a wake-up call – Microsoft warns appeared first on Citi 97.3 FM - Relevant Radio. Always.

He told the BBC the act was “unprecedented in its scale” and warned more people could find themselves affected on Monday morning.

The virus took control of users’ files, demanding payments; Russia and the UK were among the worst-hit countries.

Experts say another attack could be imminent and have warned people to ensure their security is up to date.

Mr Wainwright said that the ransomware was being combined with a worm application allowing the “infection of one computer to quickly spread across the networks”.

He added: “That’s why we’re seeing these numbers increasing all the time.”

Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, he said.

Companies need to make sure they have updated their systems and “patched where they should” before staff arrived for work on Monday morning, the EU law enforcement agency head said.

What occurred was an “indiscriminate attack across the world on multiple industries and services”, he said, including Germany’s rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia’s interior ministry.

However, Mr Wainwright said that so far “remarkably” few payments had been made by victims of the attack.

BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080.

–

Sport: BBC

The post Ransomware cyber-attack threat escalating – Europol appeared first on Citi 97.3 FM - Relevant Radio. Always.

UK security researcher “MalwareTech”, who helped to limit the ransomware attack, predicted “another one coming… quite likely on Monday”.

The virus, which took control of users’ files, spread to 100 countries, including Spain, France and Russia.

In England, 48 NHS trusts fell victim, as did 13 NHS bodies in Scotland.

Some hospitals were forced to cancel procedures and appointments, as ambulances were directed to neighbouring hospitals free from the computer virus.

UK Home Secretary Amber Rudd said on Saturday that the problem was largely resolved but that “there’s always more” that could be done to protect against computer viruses.

After taking computers over, the virus displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.

BBC analysis of three accounts linked with the global attack suggests the hackers have already been paid the equivalent of £22,080.

MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.

The 22-year-old told the BBC: “It’s very important that people patch their systems now.

“We have stopped this one, but there will be another one coming and it will not be stoppable by us.

“There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over.

“So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning.”

On Sunday he warned hackers could upgrade the virus to remove the “kill switch” that helped to stop it.

“Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP,” he tweeted.

–

Source: BBC

The post Next cyber-attack could be imminent, warn experts appeared first on Citi 97.3 FM - Relevant Radio. Always.