England’s healthcare system came under a withering cyberattack Friday morning, with ” at least 25 ” hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. The UK government now reports that this is not a (relatively) isolated attack but rather a single front in a massive regionwide digital assault. #nhscyberattack pic.twitter.com/SovgQejl3X — gigi.h (@fendifille) May 12, 2017 The attack has impacted hospitals and transportation infrastructure across Europe, Russia and Asia. Organizations in dozens of countries have all been hit with the same ransomware program, a variant of the WannaCry virus, spouting the same ransom note and demanding $300 for the encryption key, with the demand escalating as time passes. The virus’s infection vector appears to through a known vulnerability, originally exploited and developed by the National Security Agency. That information was subsequently leaked by the hacking group known as Shadow Broker which has been dumping its cache of purloined NSA hacking tools onto the internet since last year. The virus appears to have originally spread via email as compressed file attachment so, like last week’s Google Docs issue, make sure you confirm that you email’s attachments are legit before clicking on them. Also, make sure your computers are using software that’s still receiving security updates, and that you’ve installed the latest updates available. Microsoft released a fix for the exploit used as a part of its March “Patch Tuesday” release, but unpatched Windows systems remain vulnerable. Update : Reuters reports a statement from Microsoft indicating that engineers have added detection and protection against the “Ransom:Win32.WannaCrypt” malware, so make sure your Windows Defender or other antivirus is updated before logging on to any corporate networks that may be infected. In a statement, a FedEx representative confirmed its systems are being impacted, saying “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.” Source: New York Times
Read the original:
‘WannaCry’ ransomware attack spreads worldwide (update)
An anonymous reader writes: The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed “Jaff”. Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware. Locky — like Jaff — also used the Necurs botnet and a booby-trapped PDF, security firm Malwarebytes notes. “This is where the comparison ends, since the code base is different as well as the ransom itself, ” said Jerome Segura, a security researcher at Malwarebytes. “Jaff asks for an astounding 2 BTC, which is about $3, 700 at the time of writing.” Proofpoint reckons Jaff may be the work of the same cybercriminals behind Locky, Dridex and Bart (other nasty malware) but this remains unconfirmed. And Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday, or 13 million in total at the time it wrote up a blog post about the new threat. Read more of this story at Slashdot.