This weekend’s global online extortion attack reinforces the need for businesses and other large organizations to update their computer operating systems and security software, cybersecurity experts said.

The attack largely infected networks that used out-of-date software, such as Windows XP, which Microsoft no longer offers technical support for.

“There’s some truth to the idea that people are always going to hack themselves,” said Dan Wire, a spokesman for security firm FireEye. “You’ve got to keep your systems updated.”

The attack that authorities say swept 150 countries this weekend is part of a growing problem of “ransomware” scams, in which people find themselves locked out of their files and presented with a demand to pay hackers to restore their access.

Hackers bait users to click on infected email links, open infected attachments or take advantage of outdated and vulnerable systems. This weekend’s virus was particularly virulent, because it could spread to all other computers on a network even if just one user clicked a bad link or attachment.

Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don’t install security upgrades because they’re worried about triggering bugs, or they can’t afford the downtime.

Here are five tips to make yourself a less-likely victim:

Make safe and secure backups

Once your files are encrypted, your options are limited. Recovery from backups is one of them. “Unfortunately, most people don’t have them,” Abrams says. Backups often are also out of date and missing critical information. With this attack, Abrams recommends trying to recover the “shadow volume” copies some versions of Windows have.

Some ransomware does also sometimes targets backup files, though.

You should make multiple backups — to cloud services and using physical disk drives, at regular and frequent intervals. It’s a good idea to back up files to a drive that remains entirely disconnected from your network.

Update and patch your systems

The latest ransomware was successful because of a confluence of factors. Those include a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and malware designed to spread quickly once inside university, business and government networks. Updating software will take care of some vulnerability.

“Hopefully people are learning how important it is to apply these patches,” said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. “I hope that if another attack occurs, the damage will be a lot less.”

The virus targeted computers using Windows XP, as well as Windows 7 and 8, all of which Microsoft stopped servicing years ago. Yet in an unusual step, they released a patch for those older systems because of the magnitude of the outbreak.

“There’s a lot of older Windows products out there that are `end of life’ and nobody’s bothered to take them out of service,” said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.

Use antivirus software

Using antivirus software will at least protect you from the most basic, well-known viruses by scanning your system against the known fingerprints of these pests. Low-end criminals take advantage of less-savvy users with such known viruses, even though malware is constantly changing and antivirus is frequently days behind detecting it.

Educate your workforce

Basic protocol such as stressing that workers shouldn’t click on questionable links or open suspicious attachments can save headaches. System administrators should ensure that employees don’t have unnecessary access to parts of the network that aren’t critical to their work. This helps limit the spread of ransomware if hackers do get into your system.

If hit, don’t wait and see

Some organizations disconnect computers as a precautionary measure. Shutting down a network can prevent the continued encryption — and possible loss — of more files. Hackers will sometimes encourage you to keep your computer on and linked to the network, but don’t be fooled.

If you’re facing a ransom demand and locked out of your files, law enforcement and cybersecurity experts discourage paying ransoms because it gives incentives to hackers and pays for their future attacks. There’s also no guarantee all files will be restored. Many organizations without updated backups may decide that regaining access to critical files, such as customer data, and avoiding public embarrassment is worth the cost.

Ryan O’Leary, vice president of WhiteHat Security’s threat research center, points out that this weekend’s hackers weren’t asking for much, usually about $300.

“If there is a silver lining to it, you’re not out a million dollars,” he said.

Still, “My answer is, never pay the ransom,” Abrams said. “But at the same time, I also know that if you’re someone who’s been affected and you’ve lost all your children’s photographs or you’ve lost all your data or you lost your thesis, sometimes $300 is worth it, you know?”
…

Europe’s police agency Europol says a global cyberattack has affected at least 100,000 organizations in 150 countries, with data networks infected by malware that locks computer files unless a ransom is paid.

Speaking to Britian’s ITV, Europol director Rob Wainwright said the healthcare sector in many countries is particularly vulnerable.  

So far there has been no progress reported in efforts to determine who launched the plot.

Computer security experts have assured individual computer users who have kept their PC operating systems updated that they are relatively safe.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded — the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.  

However, the authors of the “WannaCry” ransomware attack told their victims the amount they must pay would double if they did not comply within three days of the original infection — by Monday, in most cases. And the hackers warned that they would delete all files on infected systems if no payment was received within seven days.

Avast, an international security software firm that claims it has 400 million users worldwide, said the ransomware attacks rose rapidly Saturday to a peak of 57,000 detected intrusions. Avast, which was founded in 1988 by two Czech researchers, said the largest number of attacks appeared to be aimed at Russia, Ukraine and Taiwan, but that major institutions in many other countries were affected.

‘Kill switch’ found

Computer security experts said the current attack could have been much worse but for the quick action of a young researcher in Britain who discovered a vulnerability in the ransomware itself, known as WanaCryptor 2.0.

The researcher, identified only as “MalwareTech,” found a “kill switch” within the ransomware as he studied its structure.

The “kill” function halted WanaCryptor’s ability to copy itself rapidly to all terminals in an infected system — hastening its crippling effect on a large network — once it was in contact with a secret internet address, or URL, consisting of a lengthy alphanumeric string.

The “kill” function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by international internet administrators. He immediately claimed the URL for himself, spending about $11 to secure his access, and that greatly slowed the pace of infections in Britain.

Expects cautioned, however, that the criminals who pushed the ransomware to the world might be able to disable the “kill” switch in future versions of their malware.

Hackers’ key tool

WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using an exploit — software capable of burrowing unseen into Windows computer operating systems.

The exploit, known as “EternalBlue” or “MS17-010,” took advantage of a vulnerability in the Microsoft software that reportedly had been discovered and developed by the U.S. National Security Agency, which used it for surveillance activities.

NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit was developed by unknown parties using the name Equation Group (which may also be linked to NSA). Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.

Microsoft distributed a “fix” for the software vulnerability two months ago, but not all computer users and networks worldwide had yet made that update and thus were highly vulnerable. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.

The Finnish computer security firm F-Secure called the problem spreading around the world “the biggest ransomware outbreak in history.” The firm said it had warned about the exponential growth of ransomware, or crimeware, as well as the dangers of sophisticated surveillance tools used by governments.

Lesson: Update programs

With WanaCryptor and MS17-010 both “unleashed into the wild,” F-Secure said the current problem seems to have combined and magnified the worst of the dangers those programs represent.

The security firm Kaspersky Lab, based in Russia, noted that Microsoft had repaired the software problem that allows backdoor entry into its operating systems weeks before hackers published the exploit linked to the NSA, but also said: “Unfortunately it appears that many users have not yet installed the patch.”

Britain’s National Health Services first sounded the ransomware alarm Friday.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said the NHS was again “working as normal,” with 97 percent of the system’s components now fully restored.

Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and the German railway Deutsche Bahn were among those affected.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.

 
…

Science fiction movies often contain imaginary technology. But now a real life moon rover has made it onto the big screen. Not only is it a star in a new film, but it will also play a starring role on a private mission to the moon next year. VOA’s Deborah Block has the story.
…

In what is believed to be the largest attack of its kind ever recorded, a cyberextortion attack continued causing problems Saturday, locking up computers and holding users’ files for ransom at dozens of hospitals, companies and government agencies. Businesses and computer security organizations await problems in the new workweek.

Ransomware Attack Could Herald Future Problems — Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.

Worldwide Cyberattack Spreads Further in Second Day — A cyberattack against tens of thousands of data networks in scores of countries, all infected by malware that locks computer files unless a ransom is paid, spread further in its second day Saturday, with no progress reported in efforts to determine who launched the plot.

Authorities Seek Clues On Culprits Behind Global Cyberattack — The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services, but Interior Minister Amber Rudd said the country’s National Crime Agency is investigating where the attacks came from.

Europol Working on Probe Into Massive Cyberattack — The European Union’s police agency, Europol, says it is working with countries hit by the global ransomware cyberattack to rein in the threat and help victims.

‘Perfect Storm’ of Conditions Helped Cyberattack Succeed — The cyberextortion attack that hit dozens of countries spread quickly and widely thanks to an unusual confluence of factors: a known and highly dangerous security hole in Microsoft Windows, tardy users who didn’t apply Microsoft’s March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks.

Where Global Cyberattack Has Hit Hardest — A look at some of the countries and organizations hardest hit during the global cyberattack.

What Is the Digital Currency Bitcoin? — In the news now after a cyberextortion attack this weekend, bitcoin has a fuzzy history, but it’s a type of currency that allows people to buy goods and services and exchange money without involving banks, credit card issuers or other third parties.

 
…

Here is a look at some of the places hit by the global cyberattack.

European Union — Europol’s European Cybercrime Center, known as EC3, said the attack “is at an unprecedented level and will require a complex international investigation to identify the culprits.”

Britain — Britain’s home secretary said the “ransomware” attack hit one in five of 248 National Health Service groups, forcing hospitals to cancel or delay treatments for thousands of patients — even some with serious aliments like cancer.

Germany — The national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to help customers.

Russia — Two security firms — Kaspersky Lab and Avast — said Russia was hit hardest by the attack. The Russian Interior Ministry, which runs the country’s police, confirmed it was among those that fell victim to the “ransomware,” which typically flashes a message demanding payment to release the user’s data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been “localized” and that no information was compromised. Russia’s health ministry said its attacks were “effectively repelled.”

United States — In the U.S., FedEx Corp. reported that its Windows computers were `”experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware. Other impacts in the U.S. were not readily apparent.

Turkey — The head of Turkey’s Information and Communication Technologies Authority or BTK says the nation was among those affected by the ransomware attack. Omer Fatih Sayan said the country’s cyber security center is continuing operations against the malicious software.

France — French carmaker Renault’s assembly plant in Slovenia halted production after it was targeted. Radio Slovenia said Saturday the Revoz factory in the southeastern town of Novo Mesto stopped working Friday evening to stop the malware from spreading.

Brazil — The South American nation’s social security system had to disconnect its computers and cancel public access. The state-owned oil company Petrobras and Brazil’s Foreign Ministry also disconnected computers as a precautionary measure, and court systems went down, too.

Spain — The attack hit Spain’s Telefonica, a global broadband and telecommunications company.
…

Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song — “WannaCry” — as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.

The United States suffered relatively few effects from the ransomware that appeared on tens of thousands of computer systems across Europe and into Asia, beginning Friday. Security experts remained cautious, however, and stressed there was a continuing threat.

In contrast to reports from several European security firms, a researcher at the Tripwire company on the U.S. West Coast said late Saturday that the attack could be diminishing.

“It looks like it’s tailing off,” said Travis Smith of Tripwire.

“I hope that’s the case,” Smith added. The Oregon firm protects large enterprises and governments from computer security threats.

Ransomware attack

The code for the ransomware unleashed Friday remains freely available on the internet, experts said, so those behind the WannaCry attack — also known as WanaCryptor 2.0 and a variety of other names — could launch new strikes in coming days or weeks. Copycat attacks by other high-tech criminals also are possible.

“We are not out of the woods yet,” said Gary Davis, chief consumer security evangelist at McAfee, the global computer security software company in Santa Clara, California. “We think it’s going to be the footprint for other kinds of attacks in the future.”

The attack hit scores of countries — more than 100, by some experts’ count — and infected tens of thousands of computer networks.

Industry reports indicate Russia, Taiwan, Ukraine and Britain were among the countries hit hardest, and more hacking reports can be expected when offices reopen for the new workweek Monday or, in some parts of the world, Sunday.

One of the weapons used in the current attack is a software tool reportedly stolen from the U.S. National Security Agency and published on the internet by hackers last month.

The tool affords hackers undetected entry into many Microsoft computer operating systems, which is what they need to plant their ransomware. However, Microsoft issued patches to fix that vulnerability in its software weeks ago that could greatly reduce the chances of intrusion.

Outdated operating systems

The crippling effects of WannaCry highlight a problem that experts have long known about, and one that appears to have hit developing countries harder.

Some organizations are more vulnerable to intrusion because they use older or outdated operating systems, usually due to the cost of upgrading software or buying modern hardware needed to install better-protected operating systems. Companies like Microsoft eventually stop updating or supporting older versions of their software, so customers using those programs do not receive software patches or security upgrades.

Much of the ransomware’s spread around the world occurred without any human involvement. The WannaCry malware self-propagates, copying itself to all computers on a network automatically.

When a demand for ransom payments appears on a user’s screen — $300 at first, doubling to $600 in a few days — it’s usually too late: All files on that computer have been encrypted and are unreadable by their owners.

The hackers said they would reverse the effect of their software once they received the payments they demanded.

Microsoft patched the “hole” in the newest versions of its operating software — Windows 10 for most home users — in March, three weeks before the stolen NSA exploit software was published on the internet. Since Friday, the company dropped its refusal to update old versions of its programs and issued patches specifically written for use in Windows XP and several other systems.

Microsoft declined a request for an interview, but a statement on the company’s blog said: “Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.”

“A lot of people in the security community were impressed with Microsoft’s speed, but it highlights an ongoing challenge we have,” said Stephen Cobb, a senior security researcher with ESET, a global security software company. “If a malicious code outbreak breaks out tomorrow, and targets unsupported operating systems, Microsoft may have to go there again.”
…

The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services and targeted vital computer systems in as many as 100 other countries.

British Interior Minister Amber Rudd said Britain’s National Cyber Security Center was working with the country’s health service to ensure the attack that began Friday was contained and limited.

She said Britain’s National Crime Agency was still working with her ministry to find out where the attacks came from and that the British government did not know if the attacks had been directed by a foreign government.

What appeared to be the biggest cyberextortion attack in history exploited a vulnerability in Microsoft Windows that was identified in leaked documents by the U.S. National Security Agency earlier this year.

With more than 75,000 attacks launched on Friday, cybercrime experts around the world were investigating a concentration of attacks in Russia, Ukraine, and India — countries where the use of older, unpatched versions of Microsoft Windows is widespread.

The hackers attempt to trick victims into opening malicious attachments to spam e-mails by saying they contained invoices, job offers, security warnings, and other seemingly legitimate files.

The extortionists demand payments of $300 to $600 to restore access once computers are crippled by the scam. Cybersecurity firms said criminal organizations were probably behind the attack.

Russia’s Interior Ministry, Emergencies Ministry, and biggest bank, Sberbank, were all targeted, officials said.

The Interior Ministry said on its website that around 1,000 computers had been infected, but it had localized the virus. Russia’s Investigative Committee denied reports that it was attacked.

Russia’s Health Ministry and Emergencies Ministry told Russian news agencies that they had repelled the cyberattacks, while Sberbank said its cybersecurity arrangements had prevented viruses from entering its systems.

Russia’s Central Bank said Saturday that it detected massive cyberattacks on domestic banks, but the resources of the Central Bank itself were “not compromised.”

Megafon, a top Russian mobile operator, said it had come under attacks that appeared similar to those that crippled U.K. hospitals. A spokesman said mobile communications weren’t affected but the attacks interrupted the work of its call centers.

Hospitals ‘Crippled’

Spain and the United Kingdom were hit particularly hard. Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled routine procedures and asked patients not to come to the hospital unless it was an emergency. 

British Prime Minister Theresa May said that, while some hospitals were crippled, there was no evidence patient data had been compromised.

Spain’s giant Telefonica telecommunications company was hit, prompting Spanish authorities to take measures to protect critical infrastructure in transportation, energy, telecommunications, and financial services.

Only a small number of U.S. organizations were hit because the hackers appear to have begun their campaign in Europe, cybersecurity firms said.

By the time the hackers turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious.

The security holes exploited by the hackers were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the White House security agency as part of U.S. intelligence-gathering.

Microsoft said it was pushing out automatic Windows updates to defend clients from the virus.

Some material for this article came from AP, BBC, AFP, Reuters, Tass and Interfax.
…