NSA Tools used in Major Cyber Attack: Cyber Attack hits 74 Countries; Cripples UK Hospitals

A large-scale cyber attack was launched today, hitting at least 74 countries and seriously damaging the UK’s health care system.

The attack leveraged tools developed by the US National Security Agency, which allowed the damaging code to fall into the hands of a group calling itself the Shadow Brokers. The group has been leaking classified NSA hacking tools online for the last year.

Today’s attack seriously disrupted Britain’s health system and infected at least 74 other countries throughout the world. Hospitals throughout parts of England were forced to turn away patients and cancel appointments after their computer systems became infected with the “ransomware,” which seized data and restricted access to computers.

“We are experiencing a major IT disruption, and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled, and ambulances were being diverted to neighboring hospitals.

Rich Barger, director of threat research at U.S.-based security research company Splunk, said: “This is one of the largest global ransomware attacks the cyber community has ever seen.”

The malware used in today’s attack encrypts computer files and drops and executes a decryptor tool. Users see a screen demanding $600 in Bitcoin.

Wannacry Ransomware screenshot

Kaspersky Lab, a Russian cybersecurity firm, said it had tracked at least 45,000 attacks throughout the day. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Countries hit by Malware attack

Researchers at Kaspersky Lab said the attackers are using EternalBlue, the codename for the exploit made public by the hacking group Shadow Brokers.

EternalBlue is a remote code execution attack taking advantage of an SMBv1 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked. Spain’s Computer Emergency Response Team, Kaspersky Lab, and others are recommending organizations install MS17-010 immediately on all unpatched Windows machines.

The malware exploits a vulnerability widely believed by security researchers to have been developed by the National Security Agency.

2 Comments

  1. Sluggo
    May 13, 2017 at 11:10 am

    We have known about this for years and repeatedly block MS IP Addresses trying to access a couple of MS/XP boxes we have running in our lab. It was one of MS’s backdoors to your computer/personal/corporate information. Not sure if Bill shared this with the Government yet, but most likely a mutual back scratching. If this can be proven MS is in for a giant class action lawsuit.

  2. B from CA
    May 14, 2017 at 7:04 pm

    We keep progressing towards the abyss.

    The industrial revolution improved the lives of people but resulted in many negative consequences we still suffer from.
    Working in a factory with hundreds of people who remain distant acquaintances, under harsh, sometimes oppressive conditions. I don’t think we will ever fully recover from the industrial revolution, let alone the imprisonment brought to us via the computer. I hope people will voluntarily disconnect. I believe many people are already making the transition away from digital enslavement.
