Tom Robinson, co-founder of Elliptic, a company that identifies illicit activity involving bitcoin and provides services to most major law enforcement agencies in the USA and the United Kingdom, said that at least three bitcoin addresses have been identified as being associated with the malware used in Friday’s worldwide attack, reports the Guardian. The National Center for the Protection of Critical Infrastructure said Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack.
The breadth of the attack indicates that the software spread around the globe, possibly for weeks, but lay dormant when first introduced into a network, said Sean Dillon, a senior security analyst with RiskSense Inc.
Cluley said, “There’s clearly some culpability on the part of the USA intelligence services”. “We are implementing remediation steps as quickly as possible”, it said in a statement. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.
British media had reported last year that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.
In England the critically ill were diverted to unaffected hospitals as computer systems failed in A&E units and doctors were locked out of test results, x-rays and patient records.
“Known as WannaCry or Wanna Decryptor, the so-called ransomware programme homes in on vulnerabilities in Microsoft Windows systems”, the daily said.
Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan – though exactly which computers in those areas were targeted remains fuzzy.
The 22-year-old Britain-based researcher, identified online only as MalwareTech, explained Saturday that he spotted a hidden web address in the “WannaCrypt” code and made it official by registering its domain name.
As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace.
These hackers “have caused enormous amounts of disruption – probably the biggest ransomware cyberattack in history”, said Graham Cluley, a veteran of the anti-virus industry in Oxford, England.
Health Secretary Shona Robison said: “This has been a global cyber-attack which has impacted on countries across the world and clearly any incident of this nature is hugely concerning, but it’s important to stress that there is no evidence to suggest patient data has been compromised”.
“Global internet security has reached a moment of emergency”, Qihoo360 warned.
Speaking to the BBC, Rudd also said that she expects NHS trusts to “learn from the cyber attack and upgrade its systems”.
FedEx said Friday it was “experiencing interference with some of our Windows-based systems caused by malware” and was trying to fix the problems as quickly as possible.
A German ticket machine, a university laboratory in Italy and a number of Spanish firms – including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural – are among those hit by the outbreak.
Interior Ministry: The Russian Interior Ministry acknowledged a ransomware attack on its computers, adding that less than 1% of computers were affected.
“Appropriate economy-wide policy responses are needed”, the ministers said in their draft statement, seen by Reuters.
According to Matthew Hickey, founder of the security firm Hacker House, the attack is not surprising, and it shows many organizations do not apply updates in a timely fashion.
“So only six of them have some limits on their business”.
Consumers who have up-to-date software are protected from this ransomware.
That exploit was one of many hacking tools stolen from the NSA and published online by a group that called itself the Shadow Brokers on April 14, according to Avast Software.