Jump to content

WannaCry ransomware attack: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Good Faith but there is already a redirect to the German article to the left of the article. Undid revision 781363609 by 分液漏斗 (talk)
Line 222: Line 222:
[[Category:May 2017 crimes]]
[[Category:May 2017 crimes]]
[[Category:Ransomware]]
[[Category:Ransomware]]

[[de:WannaCry]]

Revision as of 19:54, 20 May 2017

WannaCry
Screenshot of the ransom note left on an infected system
Date12 May 2017 – present
LocationWorldwide
Also known asWannaCrypt
WanaCrypt0r
Wana Decrypt0r 2.0
WCRY
WNCRY
TypeCyberattack
ThemeRansomware encrypting files with $300 – $600 demand (via bitcoin)
Cause
OutcomeOver 200,000 victims and more than 230,000 computers infected[1][2]

The WannaCry ransomware attack is an ongoing worldwide cyberattack by the WannaCry[a] ransomware cryptoworm, which targets computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.[7]

The attack started on Friday, 12 May 2017,[8] and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.[9][10] Parts of Britain's National Health Service (NHS),[11] Spain's Telefónica, FedEx and Deutsche Bahn were hit,[12][13][14] along with many other countries and companies worldwide.[15][16][17][18]

WannaCry spreads across local networks and the Internet[19] to systems that have not been updated with recent security updates, to directly infect any exposed systems.[5][20] To do so it uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA),[21][22] which was released by The Shadow Brokers two months before.[23] A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, nearly two months before the attack,[24] but many organizations had not yet applied it.[25] Those still running exposed older, unsupported operating systems such as Windows XP and Windows Server 2003, were initially at particular risk but the day after the outbreak Microsoft took the unusual step of releasing updates for these operating systems too.[3][26]

Shortly after the attack began, a web security researcher who blogs as "MalwareTech" discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, but new versions have since been detected that lack the kill switch.[27][28][29][30][31] As per official news agencies reports, the cyber attack has slowed down drastically and has died down as of 19 May 2017.

Elements of the software

Detailed technical writeups of the WannaCry[a] ransomware computer worm that targets computers running Microsoft Windows[32] have now been done, including by: Microsoft,[33]Talos,[19]Malwarebytes,[34] and McAfee.[35]

The "payload" works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a "ransom note" informing the user and demanding a payment in bitcoin.[36] It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar exploit to install and execute a copy of itself.[19]

EternalBlue

Main article: EternalBlue

The network infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017,[23] along with other tools apparently leaked from Equation Group, which is widely believed to be part of the United States National Security Agency.[37][38]

EternalBlue exploits vulnerability MS17-010[24] in Microsoft's implementation of the Server Message Block (SMB) protocol.[32] This Windows vulnerability was not a zero-day flaw, but one for which Microsoft had released a "critical" advisory, along with a security patch to fix the vulnerability two months before, on 14 March 2017.[24] The patch was to the Server Message Block (SMB) protocol used by Windows,[39][40] and fixed several client versions of the Microsoft Windows operating system, including Windows Vista onwards (with the exception of Windows 8), as well as server and embedded versions such as Windows Server 2008 onwards and Windows Embedded POSReady 2009 respectively, but not the older Windows XP, according to Microsoft.[24] According to Dona Sarkar, head of the Windows Insider Program at Microsoft, Windows 10 was not affected.[41]

DoublePulsar

Main article: DoublePulsar

DoublePulsar is a backdoor tool, also released by The Shadow Brokers on 14 April 2017,[23] Starting from 21 April 2017, security researchers reported that computers with the DoublePulsar backdoor installed were in the tens of thousands.[42] By 25 April, reports estimated the number of infected computers to be up to several hundred thousands, with numbers increasing exponentially every day.[43][44] The WannaCry code can take advantage of any existing DoublePulsar infection, or installs it itself.[19][45][46]

"Kill switch"

The software contained a URL that, when discovered and registered by a security researcher to track activity from infected machines, was found to act as a "kill switch" that shuts down the software, stopping the spread of the ransomware. The researcher speculated that this had been included in the software as a mechanism to prevent it being run on quarantined machines so that it is harder for anti-virus researchers to investigate the software; he observed that some sandbox environments will respond to all queries with traffic in order to trick the software into thinking that it is still able to access the internet, so the software queried an "intentionally unregistered domain" to verify it was receiving traffic that it should not.[47] He also noted that it was not an unprecedented technique, having been observed in the Necurs trojan.[47]

Attribution

Although cybersecurity companies Kaspersky Lab and Symantec have both said the code has some similarities with that previously used by the Lazarus Group[48] (believed to have carried out the cyberattack on Sony Pictures in 2014 and a Bangladesh bank heist in 2016—and linked to North Korea).[48] This may be either simple re-use of code by another group, or an attempt to shift blame—as in a cyber false flag operation.[48] North Korea denies being responsible for the cyberattack.[49]

The cyberattack

Map of the countries initially affected[50]

On 12 May 2017 WannaCry began affecting computers worldwide,[51] with evidence pointing to an initial infection in Asia at 7:44am UTC.[8][52] The initial infection was likely through an exposed vulnerable SMB port,[53] rather than email phishing as initially assumed.[8]

When executed, the malware first checks the "kill switch" domain name;[b] if it is not found, then the ransomware encrypts the computer's data,[54][36][55] then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet,[34] and "laterally" to computers on the same network.[35] As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days, or $600 within seven days.[36][56]

Organizations that had not installed Microsoft's security update were affected by the attack.[39] Those still running the older Windows XP[57] were at particularly high risk because no security patches had been released since April 2014 (with the exception of one emergency patch released in May 2014).[3][58] However, the day after the outbreak Microsoft released an emergency security patch for Windows XP.[3] Currently[when?] less than 0.1% of the affected computers were running Windows XP.[59]

However Kaspersky Labs study reports that 98 percent of the affected computers were running Windows 7.[60]

According to Wired, affected systems will also have had the DoublePulsar backdoor installed; this will also need to be removed when systems are decrypted.[6]

Three hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown.[61] As of 19 May 2017, at 12:00 UTC, a total of 291 payments totaling $92,879.51 had been transferred.[62]

Defensive response

Several hours after the initial release of the ransomware on 12 May 2017, while trying to establish the size of the attack, Marcus Hutchins,[63] a researcher who blogs under the handle @MalwareTech,[47] accidentally discovered what amounted to be a "kill switch" hardcoded in the malware.[64][65][66] Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere. [67][68][69][70]

Microsoft released a statement recommending users to install update MS17-010 to protect themselves against the attack.[3] In an unusual move, the company also made security patches available to the general public for several out-of-support versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.[3]

On 16 May 2017, researchers from University College London and Boston University reported that their PayBreak system could defeat WannaCry and several other families of ransomware.[71][72] On 19 May 2017, a group of French security researchers reported that they had found a way to unlock the program without paying the ransom under some circumstances.[73]

Advice on ransom

As of 17 May 2017, although many people paid the $300-$600 ransom, there were no known cases of someone paying and being given the means to decrypt their data.[74] According to Check Point Software Technologies, "WannaCry doesn’t seem to have a way of associating a payment to the person making it".[75] It seems from WannaCry's code that decryption cannot occur without direct manual intervention by the hackers, and no communications sent to them have been answered.[76] In light of these facts, experts strongly advise against paying the ransom.[74][76]

A flaw in the encryption used by the WannaCry malware has been used to create a tool called "WannaKey" which can, in some cases, decrypt a WannaCry infected Windows XP PC's files. It works by pulling traces of a private key from the memory of an infected Windows XP computer, but its creator, Adrien Guinet, cautions that "the trick fails if the malware or any other process happened to overwrite the lingering decryption key, or if the computer rebooted any time after infection". Guinet recommends users leave the computer untouched until they can run his program.[77] This tool was later reused by other researchers for a new tool "wanakiwi" that also works for Windows Server 2003 and Windows 7.[73][78]

Impact

The ransomware campaign was unprecedented in scale according to Europol,[9] which estimates that around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.[79]

The attack affected many National Health Service hospitals in England and Scotland,[80] and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected.[81] On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted.[12][82] In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP.[57] NHS hospitals in Wales and Northern Ireland were unaffected by the attack.[11][12]

Nissan Motor Manufacturing UK in Tyne and Wear, England halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware.[83][84]

The attack's impact is said to be relatively low compared to other potential attacks of the same type and could have been much worse had a security expert, who was independently researching the malware, not discovered that a kill-switch had been built in by its creators[85][86] or if it had been specifically targeted on highly critical infrastructure, like nuclear power plants, dams or railway systems.[87][88]

Reactions

A number of experts highlighted the NSA's non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had "privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] may not have happened".[89] British cybersecurity expert Graham Cluley also sees "some culpability on the part of the U.S. intelligence services". According to him and others "they could have done something ages ago to get this problem fixed, and they didn't do it". He also said that despite obvious uses for such tools to spy on people of interest, they have a duty to protect their countries' citizens.[90] Others have also commented that this attack shows that the practice of intelligence agencies to stockpile exploits for offensive purposes rather than disclosing them for defensive purposes may be problematic.[86] Microsoft president and chief legal officer Brad Smith wrote, "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."[91][92][93] Russian President Vladimir Putin placed the responsibility of the attack on U.S. intelligence services, for having created EternalBlue.[94]

Other experts also used the publicity around the attack as a chance to reiterate the value and importance of having good, regular and secure backups, good cybersecurity including isolating critical systems, using appropriate software, and having the latest security patches installed.[95] Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, stated that "the patching and updating systems are broken, basically, in the private sector and in government agencies".[86] In addition, Segal said that governments' apparent inability to secure vulnerabilities "opens a lot of questions about backdoors and access to encryption that the government argues it needs from the private sector for security".[86] Arne Schönbohm, President of Germany's Federal Office for Information Security (BSI), stated that "the current attacks show how vulnerable our digital society is. It's a wake-up call for companies to finally take IT security [seriously]".[40]

The effects of the attack also had political implications; in the UK the impact on the NHS quickly became political, with claims that the effects were exacerbated by Government under-funding of the NHS, in particular the refusal to pay extra to keep protecting outdated Windows XP systems from such attacks.[96] Home Secretary Amber Rudd refused to say whether patient data had been backed up, and Shadow Health Secretary Jon Ashworth accused Health Secretary Jeremy Hunt of refusing to act on a critical note from Microsoft, the National Cyber Security Centre (NCSC) and the National Crime Agency that had been received two months previously.[97] Gavin E. L Hall, a doctoral researcher at the University of Birmingham, has argued that an important debate should begin into the role of the Government in cyber-intrusions based from "an educational starting point that a cyber-intrusion will happen and you will lose data".[98] Others find that hardware and software vendors often fail to account for future security flaws, selling systems that − due to their technical design and market incentives − eventually won't be able to properly receive and apply patches.[99]

Independent research and development

As both nations and the international community have seemingly failed to establish organizations that prevent and mitigate such cyberthreats sufficiently independent researchers, often working in their spare time, were prominently involved in the spread limitation, damage control and public preventive education.

Edward Snowden highlights this, stating that when "[NSA]-enabled ransomware eats the internet, help comes from researchers, not spy agencies" and asks why this is the case.[100][101]

This was the case when a 22-year-old security researcher accidentally discovered and activated a "kill switch" that shut down the software, temporarily stopping further spread of the malware.[85][102]

It was also the case when a global loose-knit team of security researchers collaborated online to develop open source tools[78][103] that allow for decryption without payment under some circumstances.[73]

Affected organizations

The following is an alphabetical list of organisations confirmed to have been affected:

See also

Notes

  1. ^ a b The worm is also known as WannaCrypt,[3] WanaCrypt0r 2.0,[4][5] Wanna Decryptor[6]
  2. ^ iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

References

  1. ^ "Ransomware attack still looms in Australia as Government warns WannaCry threat not over". Australian Broadcasting Corporation. Retrieved 15 May 2017.
  2. ^ Cameron, Dell. "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Retrieved 13 May 2017.
  3. ^ a b c d e f MSRC Team. "Customer Guidance for WannaCrypt attacks". Microsoft. Retrieved 13 May 2017.
  4. ^ Jakub Kroustek (12 May 2017). "Avast reports on WanaCrypt0r 2.0 ransomware that infected NHS and Telefonica". Avast Security News. Avast Software, Inc.
  5. ^ a b Fox-Brewster, Thomas. "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak". Forbes. Retrieved 12 May 2017.
  6. ^ a b Woollaston, Victoria. "Wanna Decryptor: what is the 'atom bomb of ransomware' behind the NHS attack?". WIRED UK. Retrieved 13 May 2017.
  7. ^ "WannaCry Infecting More Than 230,000 Computers in 99 Countries". Eyerys. 12 May 2017.
  8. ^ a b c Brenner, Bill. "WannaCry: the ransomware worm that didn't arrive on a phishing hook". Naked Security. Sophos. Retrieved 18 May 2017.
  9. ^ a b "Cyber-attack: Europol says it was unprecedented in scale". BBC News. 13 May 2017. Retrieved 13 May 2017.
  10. ^ "'Unprecedented' cyberattack hits 200,000 in at least 150 countries, and the threat is escalating". CNBC. 14 May 2017. Retrieved 16 May 2017.
  11. ^ a b c d Marsh, Sarah (12 May 2017). "The NHS trusts hit by malware – full list". The Guardian. London. Retrieved 12 May 2017.
  12. ^ a b c d e "NHS cyber-attack: GPs and hospitals hit by ransomware". BBC News. 12 May 2017. Retrieved 12 May 2017.
  13. ^ Hern, Alex; Gibbs, Samuel (12 May 2017). "What is 'WanaCrypt0r 2.0' ransomware and why is it attacking the NHS?". The Guardian. London. ISSN 0261-3077. Retrieved 12 May 2017.
  14. ^ "Statement on reported NHS cyber attack". digital.nhs.uk. Retrieved 12 May 2017.
  15. ^ Cox, Joseph (12 May 2017). "A Massive Ransomware 'Explosion' Is Hitting Targets All Over the World". Motherboard. Retrieved 12 May 2017.
  16. ^ a b Larson, Selena (12 May 2017). "Massive ransomware attack hits 99 countries". CNN. Retrieved 12 May 2017.
  17. ^ "The WannaCry ransomware attack has spread to 150 countries". The Verge. 14 May 2017. Retrieved 16 May 2017.
  18. ^ "Security researchers link North Korea to massive WannaCry ransomware hack". Retrieved 16 May 2017.
  19. ^ a b c d "Player 3 Has Entered the Game: Say Hello to 'WannaCry'". blog.talosintelligence.com. Retrieved 16 May 2017.
  20. ^ Larson, Selena (12 May 2017). "Massive ransomware attack hits 74 countries". CNNMoney. Retrieved 12 May 2017.
  21. ^ "NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack". The Independent. Retrieved 13 May 2017.
  22. ^ "NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history". The Daily Telegraph. Retrieved 13 May 2017.
  23. ^ a b c "NSA-leaking Shadow Brokers just dumped its most damaging release yet". Ars Technica. Retrieved 15 April 2017.
  24. ^ a b c d "Microsoft Security Bulletin MS17-010 – Critical". technet.microsoft.com. Retrieved 13 May 2017.
  25. ^ 15:58, 12 May 2017 at; tweet_btn(), John Leyden. "WanaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain". The Register. Retrieved 12 May 2017. {{cite web}}: |last1= has numeric name (help)CS1 maint: numeric names: authors list (link)
  26. ^ Surur (13 May 2017). "Microsoft release Wannacrypt patch for unsupported Windows XP, Windows 8 and Windows Server 2003". mspoweruser.com. Retrieved 13 May 2017.
  27. ^ Khandelwal, Swati. "It's Not Over, WannaCry 2.0 Ransomware Just Arrived With No 'Kill-Switch'". The Hacker News. Retrieved 14 May 2017.
  28. ^ "Erpressungssoftware: Experten fürchten neue "WannaCry"-Attacken – SPIEGEL ONLINE – Netzwelt". Der Spiegel. Retrieved 14 May 2017.
  29. ^ Shieber, Jonathan. "Companies, governments brace for a second round of cyberattacks in WannaCry's wake". TechCrunch. Retrieved 14 May 2017.
  30. ^ Chan, Sewell; Scott, Mark (14 May 2017). "Cyberattack's Impact Could Worsen in 'Second Wave' of Ransomware". The New York Times. Retrieved 14 May 2017.
  31. ^ "Warning: Blockbuster 'WannaCry' malware could just be getting started". NBC News. Retrieved 14 May 2017.
  32. ^ a b "The legacy code behind WannaCry – the skeleton in the closet". scademy.com/blog/. Retrieved 18 April 2017.
  33. ^ "WannaCrypt ransomware worm targets out-of-date systems". TechNet. Microsoft. Retrieved 20 May 2017.
  34. ^ a b Clark, Zammis. "The worm that spreads WanaCrypt0r". Malwarebytes Labs. malwarebytes.com. Retrieved 13 May 2017.
  35. ^ a b Samani, Raj. "An Analysis of the WANNACRY Ransomware outbreak". McAfee. Retrieved 13 May 2017.
  36. ^ a b c "What you need to know about the WannaCry Ransomware". Symantec Security Response. Retrieved 14 May 2017.
  37. ^ Fox-Brewster, Thomas (16 February 2015). "Equation = NSA? Researchers Uncloak Huge 'American Cyber Arsenal'". Forbes. Retrieved 24 November 2015.
  38. ^ "Latest Shadow Brokers dump – owning SWIFT Alliance Access, Cisco and Windows". Medium. 14 April 2017. Retrieved 15 April 2017.
  39. ^ a b "WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit". eWeek. Retrieved 13 May 2017.
  40. ^ a b "WannaCry: BSI ruft Betroffene auf, Infektionen zu melden" (in German). heise online. Retrieved 14 May 2017.
  41. ^ "Dona Sarkar on Twitter".
  42. ^ Goodin, Dan. "10,000 Windows computers may be infected by advanced NSA backdoor". ARS Technica. Retrieved 14 May 2017.
  43. ^ Goodin, Dan. "NSA backdoor detected on >55,000 Windows boxes can now be remotely removed". ARS Technica. Retrieved 14 May 2017.
  44. ^ Broersma, Matthew. "NSA Malware 'Infects Nearly 200,000 Systems'". Silicon. Retrieved 14 May 2017.
  45. ^ Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Retrieved 15 May 2017.
  46. ^ "How One Simple Trick Just Put Out That Huge Ransomware Fire". Forbes. 24 April 2017. Retrieved 15 May 2017.
  47. ^ a b c MalwareTech (13 May 2017). "How to Accidentally Stop a Global Cyber Attacks".
  48. ^ a b c Solong, Olivia (15 May 2017). "WannaCry ransomware has links to North Korea, cybersecurity experts say". The Guardian. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  49. ^ Uchill, Joe (19 May 2017). "North Korea denies role in WannaCry malware". TheHill. Retrieved 20 May 2017.
  50. ^ "Cyber-attack: Europol says it was unprecedented in scale". BBC. 13 May 2017.
  51. ^ Newman, Lily Hay. "The Ransomware Meltdown Experts Warned About Is Here". Wired. Retrieved 13 May 2017.
  52. ^ Yuzifovich, Yuriy. "WannaCry: views from the DNS frontline". Security and Data Science. nominum. Retrieved 18 May 2017.
  53. ^ Goodin, Dan. "An NSA-derived ransomware worm is shutting down computers worldwide". ARS Technica. Retrieved 14 May 2017.
  54. ^ "Russian-linked cyber gang blamed for NHS computer hack using bug stolen from US spy agency". The Telegraph. Retrieved 12 May 2017.
  55. ^ Bilefsky, Dan; Perlroth, Nicole (12 May 2017). "Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool". The New York Times. ISSN 0362-4331. Retrieved 12 May 2017.
  56. ^ Thomas, Andrea; Grove, Thomas; Gross, Jenny (13 May 2017). "More Cyberattack Victims Emerge as Agencies Search for Clues". The Wall Street Journal. ISSN 0099-9660. Retrieved 14 May 2017.
  57. ^ a b "NHS Hospitals Are Running Thousands of Computers on Unsupported Windows XP". Motherboard. Retrieved 13 May 2017.
  58. ^ "Windows XP End of Support". Microsoft. Retrieved 13 May 2017.
  59. ^ http://techpp.com/2017/05/20/wannacry-ransomware-windows-7-xp/
  60. ^ http://techpp.com/2017/05/20/wannacry-ransomware-windows-7-xp/
  61. ^ Collins, Keith. "Watch as these bitcoin wallets receive ransomware payments from the global cyberattack". Quartz. Retrieved 14 May 2017.
  62. ^ "@actual_ransom tweets". Twitter. Retrieved 19 May 2017.
  63. ^ "'Just doing my bit': The 22yo who blocked the WannaCry cyberattack". ABC News. 16 May 2017. Retrieved 17 May 2017.
  64. ^ "Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms". The Telegraph. 12 May 2017.
  65. ^ Thomson, Iain (13 May 2017). "74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+". The Register.
  66. ^ Khomami, Nadia; Solon, Olivia (13 May 2017). "'Accidental hero' halts ransomware attack and warns: this is not over". The Guardian.
  67. ^ Newman, Lily Hay. "How an Accidental 'Kill Switch' Slowed Friday's Massive Ransomware Attack". Wired Security. Retrieved 14 May 2017.
  68. ^ Solon, Olivia (13 May 2017). "'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack". The Guardian. London. Retrieved 13 May 2017.
  69. ^ Foxx, Chris (13 May 2017). "Global cyber-attack: Security blogger halts ransomware 'by accident'". BBC. Retrieved 13 May 2017.
  70. ^ Kan, Micael. "A 'kill switch' is slowing the spread of WannaCry ransomware". PC World. Retrieved 13 May 2017.
  71. ^ "Protection from Ransomware like WannaCry". College of Engineering. Boston University. Retrieved 19 May 2017.
  72. ^ Kolodenker, Eugene (16 May 2017). "PayBreak able to defeat WannaCry/WannaCryptor ransomware". Information Security Research & Education. Bentham’s Gaze. University College London. Retrieved 19 May 2017.
  73. ^ a b c Auchard, Eric (19 May 2017). "French researchers find way to unlock WannaCry without ransom". Reuters. Retrieved 19 May 2017.
  74. ^ a b "Ransomware attack hits 200,000 computers across the globe". New Scientist. 17 May 2017.
  75. ^ "WannaCry – Paid Time Off?". Check Point Software Technologies, Ltd. 14 May 2017.
  76. ^ a b Baraniuk, Chris (15 May 2017). "Should you pay the WannaCry ransom?". BBC.
  77. ^ Greenberg, Andy (18 May 2017). "A WannaCry flaw could help some windows XP users get files back". Wired.
  78. ^ a b "gentilkiwi/wanakiwi". GitHub. Retrieved 20 May 2017.
  79. ^ Jones, Sam (14 May 2017). "Global alert to prepare for fresh cyber attacks". Financial Times. {{cite news}}: |access-date= requires |url= (help)
  80. ^ "Global cyberattack strikes dozens of countries, cripples U.K. hospitals". CBS News. Retrieved 13 May 2017.
  81. ^ Ungoed-Thomas, Jon; Henry, Robin; Gadher, Dipesh (14 May 2017). "Cyber-attack guides promoted on YouTube". The Sunday Times. Retrieved 14 May 2017.
  82. ^ Wong, Julia Carrie; Solon, Olivia (12 May 2017). "Massive ransomware cyber-attack hits 74 countries around the world". The Guardian. London. Retrieved 12 May 2017.
  83. ^ Sharman, Jon (13 May 2017). "Cyber-attack that crippled NHS systems hits Nissan car factory in Sunderland and Renault in France". The Independent. Retrieved 13 May 2017.
  84. ^ Rosemain, Mathieu; Le Guernigou, Yann; Davey, James (13 May 2017). "Renault stops production at several plants after ransomware cyber attack as Nissan also hacked". Daily Mirror. Retrieved 13 May 2017.
  85. ^ a b "Lucky break slows global cyberattack; what's coming could be worse". Chicago Tribune. Retrieved 14 May 2017.
  86. ^ a b c d Helmore, Edward (13 May 2017). "Ransomware attack reveals breakdown in US intelligence protocols, expert says". The Guardian. Retrieved 14 May 2017.
  87. ^ "The Latest: Researcher who helped halt cyberattack applauded". Star Tribune. Retrieved 14 May 2017.
  88. ^ "Global 'WannaCry' ransomware cyberattack seeks cash for data". Washington Post. Retrieved 16 May 2017.
  89. ^ Wong, Julia Carrie; Solon, Olivia (12 May 2017). "Massive ransomware cyber-attack hits 74 countries around the world". The Guardian. Retrieved 12 May 2017.
  90. ^ Heintz, Sylvia Hui, Allen G. Breed and Jim. "Lucky break slows global cyberattack; what's coming could be worse". Chicago Tribune. Retrieved 14 May 2017.{{cite web}}: CS1 maint: multiple names: authors list (link)
  91. ^ "Ransomware attack 'like having a Tomahawk missile stolen', says Microsoft boss". The Guardian. 14 May 2017. Retrieved 15 May 2017.
  92. ^ Storm, Darlene (15 May 2017). "WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight". Computerworld. Retrieved 17 May 2017. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  93. ^ Smith, Brad. "The need for urgent collective action to keep people safe online". Microsoft. Retrieved 14 May 2017.
  94. ^ a b Vidal Liy, Macarena (15 May 2017). "Putin culpa a los servicios secretos de EE UU por el virus 'WannaCry' que desencadenó el ciberataque mundial" (in Spanish). El País. Retrieved 16 May 2017.
  95. ^ Coughlin, Tom. "WannaCry Ransomware Demonstrations The Value of Better Security and Backups". Forbes. Retrieved 14 May 2017.
  96. ^ "The ransomware attack is all about the insufficient funding of the NHS". The Guardian. 13 May 2017. Retrieved 14 May 2017.
  97. ^ "Jeremy Hunt 'ignored warning signs' before cyber-attack hit NHS". The Guardian. 13 May 2017. Retrieved 14 May 2017.
  98. ^ Hall, Gavin E. L. (18 May 2017). "WannaCry: The Role of Government in Cyber-Intrusions". Fair Observer. Retrieved 18 May 2017.
  99. ^ Larson, Selena. "Why WannaCry ransomware took down so many businesses". The Philadelphia Tribune. Retrieved 20 May 2017.
  100. ^ "Edward Snowden on Twitter". Twitter. Retrieved 20 May 2017.
  101. ^ "Edward Snowden on Twitter". Twitter. Retrieved 20 May 2017.
  102. ^ "How to Accidentally Stop a Global Cyber Attacks | MalwareTech". www.malwaretech.com. Retrieved 20 May 2017.
  103. ^ "aguinet/wannakey". GitHub. Retrieved 20 May 2017.
  104. ^ "Andhra police computers hit by cyberattack". The Times of India. 13 May 2017. Retrieved 13 May 2017.
  105. ^ "«Χάκαραν» και το ΑΠΘ στην παγκόσμια κυβερνοεπίθεση!". Proto Thema (in Greek). 13 May 2017. Retrieved 18 May 2017.
  106. ^ "Atacul cibernetic global a afectat și Uzina Dacia de la Mioveni. Renault a anunțat că a oprit producția și în Franța". Pro TV (in Romanian). 13 May 2017.
  107. ^ "Hackers demand $54K in Cambrian College ransomware attack". CBC.ca. Retrieved 16 May 2017.
  108. ^ a b Mimi Lau (14 May 2017). "Chinese police and petrol stations hit by ransomware attack". South China Morning Post. Retrieved 15 May 2017.
  109. ^ "Korean gov't computers safe from WannaCry attack". The Korea Herald. Retrieved 15 May 2017.
  110. ^ "Weltweite Cyberattacke trifft Computer der Deutschen Bahn". Frankfurter Allgemeine Zeitung (in German). 13 May 2017. Retrieved 13 May 2017.
  111. ^ a b c d "Global cyber attack: A look at some prominent victims" (in Spanish). elperiodico.com. 13 May 2017. Retrieved 14 May 2017.
  112. ^ "Hackerský útok zasiahol aj Fakultnú nemocnicu v Nitre". etrend.sk (in Slovak). 15 May 2017. Retrieved 15 May 2017.
  113. ^ "What is Wannacry and how can it be stopped?". Financial Times. 12 May 2017. Retrieved 13 May 2017.
  114. ^ "เซิร์ฟเวอร์เกม Blade & Soul ของ Garena ประเทศไทยถูก WannaCrypt โจมตี" (in Thai). blognone.com. 13 May 2017. Retrieved 14 May 2017.
  115. ^ "日立製作所 サイバー攻撃で社内システム一部に障害". NHK News Web (in Japanese). 15 May 2017. Retrieved 15 May 2017.
  116. ^ "Instituto Nacional de Salud, entre víctimas de ciberataque mundial". El Tiempo (in Spanish). 13 May 2017.
  117. ^ "Ontario health ministry on high alert amid global cyberattack". Toronto Star.
  118. ^ "LATAM Airlines también está alerta por ataque informático". Fayerwayer. Retrieved 13 May 2017.
  119. ^ "Massive cyber attack creates chaos around the world". news.com.au. Retrieved 13 May 2017.
  120. ^ "Researcher 'accidentally' stops spread of unprecedented global cyberattack". ABC News. Retrieved 13 May 2017.
  121. ^ "UPDATE. Atac cibernetic la MAE. Cine sunt hackerii de elită care au falsificat o adresă NATO". Libertatea (in Romanian). 12 May 2017.
  122. ^ a b "Cyber-attack that crippled NHS systems hits Nissan car factory in Sunderland and Renault in France". The Independent. 13 May 2017. Retrieved 13 May 2017.
  123. ^ "Nach Attacke mit Trojaner WannaCry: Kundensystem bei O2 ausgefallen" (in German). FOCUS Online. Retrieved 20 May 2017.
  124. ^ "Erhebliche Störungen – WannaCry: Kundendienst von O2 ausgefallen – HAZ – Hannoversche Allgemeine" (in German). Hannoversche Allgemeine Zeitung. Retrieved 20 May 2017.
  125. ^ "PT Portugal alvo de ataque informático internacional". Observador (in Portuguese). 12 May 2017. Retrieved 13 May 2017.
  126. ^ "Parkeerbedrijf Q-Park getroffen door ransomware-aanval". Nu.nl (in Dutch). 13 May 2017. Retrieved 14 May 2017.
  127. ^ "France's Renault hit in worldwide 'ransomware' cyber attack" (in Spanish). France 24. 13 May 2017. Retrieved 13 May 2017.
  128. ^ "Компьютеры РЖД подверглись хакерской атаке и заражены вирусом". Radio Free Europe/Radio Liberty. Retrieved 13 May 2017.
  129. ^ a b "WannaCry no Brasil e no mundo". O Povo (in Portuguese). 13 May 2017. Retrieved 13 May 2017.
  130. ^ Amjad Shacker [@AmjadShacker] (14 May 2017). "⁥⁥" (Tweet) – via Twitter.
  131. ^ a b c "Ransomware WannaCry Surfaces In Kerala, Bengal: 10 Facts". New Delhi Television Limited (NDTV). Retrieved 15 May 2017.
  132. ^ Sanjana Nambiar (16 May 2017). "Hit by WannaCry ransomware, civic body in Mumbai suburb to take 3 more days to fix computers". Hindustn Times. Retrieved 17 May 2017.
  133. ^ "Un ataque informático masivo con 'ransomware' afecta a medio mundo" (in Spanish). elperiodico.com. 12 May 2017. Retrieved 13 May 2017.
  134. ^ Balogh, Csaba (12 May 2017). "Ideért a baj: Magyarországra is elért az óriási kibertámadás". HVG (in Hungarian). Retrieved 13 May 2017.
  135. ^ "Timrå kommun drabbat av utpressningsattack" (in Swedish). Sveriges Television. 13 May 2017. Retrieved 15 May 2017.
  136. ^ "Virus Ransomware Wannacry Serang Perpustakaan Universitas Jember". Tempo (in Indonesian). 16 May 2017. Retrieved 17 May 2017.
  137. ^ "Il virus Wannacry arrivato a Milano: colpiti computer dell'università Bicocca". la Repubblica (in Italian). 12 May 2017. Retrieved 13 May 2017.
  138. ^ "Some University of Montreal computers hit with WannaCry virus". The Globe and Mail. 16 May 2017. Retrieved 16 May 2017.

External links

Wikimedia Commons has media related to WannaCry ransomware attack.
Retrieved from "https://en.wikipedia.org/w/index.php?title=WannaCry_ransomware_attack&oldid=781364083"