ICYMI: WannaCry - NHS hit; Round 2? who to blame?; predecessor; MalwareTech


In Case You Missed It: WannaCry global ransomware attack freezes NHS, Apportioning blame, Background and precedents, Saving the day

Hospitals turn patients away as NHS caught up in global ransomware attack

A combination of WannaCrypt0r and the EternalBlue exploit harvested from the NSA is forcing the closure of networks around the world including many NHS trusts in the UK.

The National Health Service in the UK has been caught up in a wave of ransomware infections that has infected over 200,000 computers worldwide.

A total of 40 NHS trusts across the UK have confirmed they are dealing with outbreaks of WannaCrypt0r 2.0.

Security experts are blaming the rapid spread of WannaCrypt0r on the fact that the attackers have packaged the malware with EternalBlue. EternalBlue is a worm developed by the National Security Administration (NSA) in the US to exploit a vulnerability in Microsoft SMB.

WannaCry Update - who is to blame and are we facing round two?

By this morning it was reported that at least 200,000 computers in some 150 countries had been hit by the WannaCrypt0r 2.0 ransomware which struck last Friday, using the EternalBlue exploit to leverage the MS17-010 vulnerability in Microsoft operating systems. However, Ciaran Martin, CEO of the NCSC, announced on BBC news at lunchtime that there had been no new infections, that the impact was at the lower end of expectations, and that no second wave attack had yet happened.

In the UK over the weekend, 48 National Health Service (NHS) trusts in England plus 13 in Scotland reported problems at hospitals, doctors' surgeries or pharmacies. Meanwhile, the Spanish telecommunications operator Telefonica, Russia's Interior Ministry and Sberbank, Germany's Deutsche Bahn rail network, French carmaker Renault, plus FedEx in the US were also hit.

The current spread is being logged on the following map.

WannaCry in the NHS: who takes responsibility?

According to the Guardian newspaper, the leader of the Labour party, Jeremy Corbyn, has expressed anger that the Conservative government failed to renew a £5.5 million cyber-security deal with Microsoft over a year ago.

Last year a billion pounds had been taken out of infrastructure in order to plug wider funding gaps in the NHS. According to figures seen by HSJ, more than £3 billion is set to be moved by 2020 from an NHS investment fund, part of which is spent on the NHS's IT infrastructure, to help fill funding gaps elsewhere in the NHS.

Another prominent IT security commentator, writing on LinkedIn but asking not to be attributed, pointed the finger at IT security vendors. He writes: “Had the software vendors not charged over the odds for their software, had the IT consultants not tried to rip them off, would the NHS have been able to move off their legacy IT solutions and therefore into a patchable environment and kept themselves in a safer IT environment? I think some blame has to lie with the IT vendors who see government services such as education and healthcare as a cash cow and charge over-the-odds for services.”

WannaCry not first to exploit NSA EternalBlue, DoublePulsar malware

There is no honour among thieves, nor, it appears, originality. WannaCry was not the first malware to exploit EternalBlue, the exploit written by the NSA to take advantage of the Microsoft SMB vulnerability.

According to the researchers who discovered it, this previously unknown infection may be bigger than WannaCry and be earning its masters thousands of dollars a day. Proofpoint has discovered that another cyber-criminal group is using EternalBlue and DoublePulsar to install a cryptocurrency miner called Adylkuzz.

How WannaCry crippled the NHS and a security researcher brought it back

Into the breach: how a security researcher and other cyber-security experts working together and alone stopped a virulent strain of malware in its tracks.

Marcus Hutchins, 22, who lives and works in Devon, was identified by a national newspaper as the man behind the Twitter handle MalwareTech. MalwareTech is credited with shutting down the WannaCry ransomware attack by registering a specific domain name.

He said in his blog that he didn't expect it to have such a dramatic effect on the malware and that his primary interest was in gathering more data on WannaCry and the people behind it. The domain – iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[dot]com – is just one of thousands that he has registered while studying malware.
