Hackers demand ransoms after unleashing global chaos with stolen US ‘cyber bug’

Germany's main train operator Deutsche Bahn was also affected by the ransomware. Photo: Twitter/Pamela_Moore13

A mysterious cyber gang with alleged links to Russia has been blamed for an unprecedented for-profit global computer security attack that crippled thousands of agencies on Saturday.

The first sign of the malware attack came when British health services were plunged into chaos, with hospitals and clinics turning away patients because the hackers had made patient records inaccessible.

From there the attack rolled around the world — although not to Australia, as far as is known.

Germany’s main rail network was brought to a standstill and US international shipper FedEx battled computer interference.

It’s thought hacker organisation Shadow Brokers may be responsible for the major breach after it previously leaked a tool in April developed by the US National Security Agency.

That NSA-developed cyber weapon, also known as Eternal Blue, gives unique access to all computers that use the Microsoft Windows operating system. It was developed to access the computers of terrorists, crime syndicates and enemy nations.

Hackers used the bug to “lock” computers in close to 100 countries, then followed up with ransomware known as WannaCry, that demands hundreds of dollars in digital currency Bitcoin in order to restore users’ access to their files.

“Nobody can recover your files without our decryption service”, the WannaCry pop-up boasted, demanding that victims pay $300 and warning the price would double in three days if the ransom demand was not met.

In a series of messages posted on Twitter, former intelligence worker Edward Snowden pointed the finger at the NSA, accusing the agency of failing to adequately alert others to the vulnerability.

“If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened,” Snowden tweeted.

After the Shadow Brokers leaked the bug in April, Snowden suggested they were likely operating on behalf of Russia.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” Snowden said.

“This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.”

In a blog post on April 8, the Shadow Brokers directly addressed US President Donald Trump, saying the group was disappointed in his policies.

“Dear President Trump — respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers is losing faith in you.”

Last month Microsoft Corporation security manager Phillip Misner warned customers the Shadow Brokers had released a large number of bugs, including ‘Eternal Blue’.

Mr Misner said most of the vulnerabilities exploited by the bugs had already been ‘patched’ and encouraged customers to ensure their computers were “up-to-date”.

Australia still at risk

Cybercrime expert Nigel Phair, of the University of Canberra’s Centre for Internet Safety, said the hack pointed to the poor “cyber hygiene” of countless victim organisations.

Mr Phair warned Australia could still be at risk although it was not yet among the 100-odd countries affected by the cybercrime.

“Maybe they haven’t targeted Australian organisations, but they might yet. We can’t rest on our laurels and need to do the updates and patch accordingly,” Mr Phair said.

Security software maker Avast tallied more than 57,000 infections in up to 99 countries.

The hackers also disrupted several French media companies and aerospace giant Airbus as well as telecommunications companies, including Telefonica in Spain, Portugal Telecom and Telefonica Argentina.

Russia’s interior and emergency ministries were also not immune, with the country’s largest bank, Sberbank, reporting it had been affected and Megafon, a top Russian mobile operator, similarly hit.

Russian media also reported that the Investigative Committee, the nation’s top criminal investigation agency, had been targeted.

Megafon, a top Russian mobile operator, also said it has come under cyber attacks that appeared similar to those that crippled UK hospitals on Friday.

Copyright © 2024 The New Daily.
All rights reserved.