Worldwide: Malware Attacks

Friday May. 12, 2017

Worldwide: Malware Attacks

May 12, 2017

Worldwide: Malware Attack That Began against UK Organizations Spreading Globally

Executive Summary

The WannaCry malware attack that started in the UK on May 12 has reportedly spread to more than 70 countries, including the US, Italy, China, and Russia. The attack exploits a Microsoft Windows vulnerability dubbed 'EternalBlue' (MS17-010) that was recently leaked to the public by the Shadow Brokers hacker group. The vulnerability allows the malware to encrypt files, folders, and drives, rendering them unusable. The malware also produces a message demanding a ransom payment in bitcoin in exchange for a decryption key.

Key Judgments

  •         Hackers have been able to access computer networks through phishing attempts using emails and infected attachments. Multiple reports suggest that most of the WannaCry attacks have featured infected .zip files. 
  •         The short-term ramifications of the attack are currently unclear; individual organizations could temporarily shut down network access to prevent infection while their systems are patched. 
  •        Widespread, preventative network shutdowns could temporarily affect email, file transfers, and other business-critical functions.  

UK Initially Targeted

The ransomware cyberattack began affecting National Health Service (NHS) IT infrastructure at multiple hospitals in England on the afternoon of May 12, preventing medical personnel from accessing computer systems responsible for patient records and other associated data. Authorities said at least 16 NHS organizations had been affected, including hospitals and trusts in London, Blackburn, Hertfordshire, Nottingham, Cumbria, and Warwickshire. East and North Hertfordshire NHS Trust said their phone systems had also malfunctioned. Health officials in Scotland announced that IT infrastructure at facilities in Dumfries and Galloway had also been affected.

Officials advised the public to only seek medical care for urgent conditions until the situation was resolved. The cyberattack caused significant disruptions to service at public health facilities; some affected facilities shut down their computer systems. Patients were relocated to medical facilities unaffected by the cyberattack. Authorities implemented contingency plans to deal with the IT outage. Government officials did not provide a time frame for the normalization of services.

Mitigation Strategies

Organizations and individuals worldwide should observe the following strict cybersecurity precautions:

  •        Do not open email attachments from unfamiliar or untrustworthy sources.
  •        If possible, temporarily refrain from sending attachments.
  •        Immediately report any suspicious communications or activity to corporate information security departments.

Ensure that computers and mobile devices are running the latest available operating system and have the latest security patches installed. Update security software on all devices, especially before remotely accessing corporate networks

 

This Special Report is copyrighted material of iJET International, Inc. and shall not be reproduced or redistributed in any form without express written consent of iJET. iJET, Travel Intelligence and Worldcue are registered trademarks of iJET. All rights reserved. © 2017 iJET International, Inc.

 

The information in this document is provided by iJET International, Inc. for your internal use only. While iJET constantly monitors the changing world situation and strives for accuracy and timeliness, this information is provided to you on an "as is" basis, and your use of this information is solely at your own risk.

 

iJET International (iJET) provides intelligence-driven, integrated risk management solutions that enable multinational organizations to operate globally with confidence. iJET’s end-to-end, tailored solutions integrate world-class threat intelligence, innovative technology,and response services to help organizations avoid threats, mitigate risk and protect their people, assets, and reputation. Founded in 1999, iJET is a privately held company headquartered in Annapolis, U.S. with regional offices in London and Singapore and country offices in Japan, India and Germany.  For more information, please visit www.iJET.com.

Comments

Leave a comment

Your email address will not be published.
Required fields are marked.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
1 + 3 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.