WannaCry Ransomware: all the updates on the cyberattack – The Verge

US declares North Korea the culprit behind devastating WannaCry ransomware attack

2017-12-18T20:14:54-05:00

The US has declared North Korea the perpetrator of the widespread and financially devastating WannaCry ransomware cyberattack that rapidly spread across the globe in May, hitting hospitals, companies, and other critical institutions in countries around the world. The announcement came in the form of an op-ed in The Wall Street Journal authored by President Donald Trump's Homeland Security Advisor, Thomas Bossert.

News of the administration's announcement was reported earlier today by The Washington Post, which reports that the White House will be issuing a formal statement tomorrow. It was reported back in June that the US National Security …

Read the full story at The Verge.

The NSA reportedly believes North Korea was responsible for WannaCry ransomware attacks

2017-06-14T20:29:18-04:00

North Korea increasingly appears to have been behind the ransomware attack that infected hundreds of thousands of computers last month and shut down hospitals, businesses, and other systems in the process.

The Washington Post is now reporting that the US National Security Agency believes with "moderate confidence" that the ransomware, called WannaCry, came from hackers sponsored by North Korea's spy agency. The report isn't public, but the Post says the assessment has been distributed within the agency.

The connection was much weaker last month

North Korea was first linked to WannaCry last month. Several cybersecurity researchers, including …

Read the full story at The Verge.

Windows XP computers were mostly immune to WannaCry

2017-05-30T13:45:19-04:00

Windows XP isn't as vulnerable to the WannaCry ransomware as many assumed, according to a new report from Kryptos research. The company's researchers found that XP computers hit with the most common WannaCry attack tended to simply crash without successfully installing or spreading the ransomware. If true, the result would undercut much of the early reporting on Windows XP's role in spreading the globe-spanning ransomware.

The core of WannaCry is a vulnerability in a Windows file-sharing system called SMB, which allowed WannaCry to spread quickly across vulnerable systems with no user interaction. But when Kryptos researchers targeted an XP …

Read the full story at The Verge.

Almost all WannaCry victims were running Windows 7

2017-05-19T13:53:09-04:00

One week after it first hit, researchers are getting a better handle on how the WannaCry ransomware spread so quickly - and judging from the early figures, the story seems to be almost entirely about Windows 7.

According to data released today by Kaspersky Lab, roughly 98 percent of the computers affected by the ransomware were running some version of Windows 7, with less than one in a thousand running Windows XP. 2008 R2 Server clients were also hit hard, making up just over 1 percent of infections.

View Link

Windows 7 is still by far the most common version of Windows, running on roughly four times as many computers as Windows 10 worldwid …

Read the full story at The Verge.

The NSA’s leaked Windows hack caused more damage than just WannaCry

2017-05-17T16:14:01-04:00

When the ShadowBrokers first published the code for EternalBlue - an NSA exploit targeting Windows' file-sharing protocol - researchers knew it was a bad bug. But most had no idea of the scale of the damage that would be caused by the vulnerability.

Much of that damage has only become visible in recent days, as a ransomware program dubbed "WannaCry" locked up computers from the UK's National Health Service to the Russian Ministry of the Interior. Some of the damage caused by EternalBlue was harder to spot, caused by more discreet malware designed to infect and monetize computers without leaving a trace. As researchers look for clues as to W …

Read the full story at The Verge.

After WannaCry, a new bill would force the NSA to justify its hacking tools

2017-05-17T12:06:36-04:00

After last week's massive ransomware attack shut down machines around the world, the NSA, which knew of the exploit before it was public, became a target for criticism. Microsoft patched the problem before the attack, but it's still raised questions about how, and when, the NSA decides to hold on to software vulnerabilities.

The Protecting Our Ability to Counter Hacking Act of 2017

A new bill would help bring accountability to how the NSA deals with those vulnerabilities. Introduced by Sen. Brian Schatz, the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act, would establish a legal framework for the process, requiring feder …

Read the full story at The Verge.

The WannaCry ransomware has mysterious ties to North Korea

2017-05-15T16:24:46-04:00

Researchers at Kaspersky Lab have uncovered new evidence linking the WannaCry ransomware code to North Korea. In a post today, the group detailed a segment of code used in both an early WannaCry variant and a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. The overlap was first spotted by Google researcher Neal Mehta, and Kaspersky believes the similarity goes far beyond shared code.

"We strongly believe the February 2017 sample was compiled by the same people," Kaspersky writes, "or by people with access to the same source code as the May 2017 WannaCry encryptor used in t …

Read the full story at The Verge.

Is Microsoft to blame for the largest ransomware attacks in internet history?

2017-05-15T11:33:59-04:00

Friday saw the largest global ransomware attack in internet history, and the world did not handle it well. We're only beginning to calculate the damage inflicted by the WannaCry program - in both dollars and lives lost from hospital downtime - but at the same time, we're also calculating blame.

There's a long list of parties responsible, including the criminals, the NSA, and the victims themselves - but the most controversial has been Microsoft itself. The attack exploited a Windows networking protocol to spread within networks, and while Microsoft released a patch nearly two months ago, it's become painfully clear that patch didn't reach a …

Read the full story at The Verge.

Microsoft says governments should stop ‘hoarding’ security vulnerabilities after WannaCry attack

2017-05-15T04:59:27-04:00

As news of the WannaCry ransomware attack broke last week, companies and governments scrambled first to keep it contained. Now, with more details about its origins and effects clear, those organizations are issuing their official responses.

Among the first is Microsoft, which rushed out an emergency patch for Windows XP on Friday, after formally ending support for the operating system three years ago. The company responded to the attacks with a strongly worded blog post, criticizing governments for "stockpiling" information about cybersecurity vulnerabilities, and likening the WannaCry attack to the US military "having some of its Tomahawk …

Read the full story at The Verge.

The WannaCry ransomware attack has spread to 150 countries

2017-05-14T13:42:13-04:00

Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new variations have begun to surface.

This morning, Europol director Rob Wainwright told the BBC that the cyberattack is "unprecedented in its scale," and noted that it will likely continue as people return to work on Monday. While Microsoft took the unusual step to issue a patch for Windows XP, the patch will only work if installed, and autho …

Read the full story at The Verge.