(National Sentinel) Cyberwar: Hackers using malware they stole from the National Security Agency hit dozens of countries on Friday in a massive ransomware attack that some cyber analysts believe was a sort of dry run in advance of a much larger assault.
As The New York Times reported, British hospitals appear to be the hardest hit by the attack, though by far were not the only victims. Ironically, though the malware utilized was stolen from the NSA, the United States was not among the hardest hit:
Corporate computer systems in many other countries — including FedEx of the United States, one of the world’s leading international shippers — were among those affected.
Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries. The worst hit by far was Russia, followed by Ukraine, India and Taiwan, the company said. Users in Latin America and Africa were also struck.
At present no one knows who is responsible for the attacks, but cyber experts are nearly universal in their opinion that this won’t be the last one. A group calling itself the Shadow Brokers leaked the stolen NSA malware.
What’s more, the attacks make it clear that computer systems the world over remain extremely vulnerable to cyber assaults, as IT system security around the world is a maintained via a patchwork of various levels that do not coordinate with each other.
“When people ask what keeps you up at night, it’s this,” Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks, told The New York Times.
Ransomware works by locking users out of their system, encrypting their files and then demanding a ransom – often via Bitcoin so it cannot be tracked – in order to get their computers unlocked.
The ransomware used is called WannaCry and Shadow Brokers has been dumping it and other stolen software online since last year.
The malware was particularly effective against Microsoft systems. The company issued a patch in March but it was not universally installed by users around the world.
“It’s one of the first times we’ve seen a large international global campaign,” Camacho said, as reported by the Washington Post.
“There is going to be a lot more of these attacks,” he said. “We’ll see copycats, and not just for ransomware, but other attacks.”
Ironically, the attacks came a day after President Donald J. Trump signed an executive order requiring federal agencies to strengthen cyber security.
“The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises,” the order states.
“In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.”