Global Cyber-Attack Infects Over 300,000 Computers

The recent cyber-attack has reignited the debate over whether or not governments should disclose vulnerabilities they have discovered or bought on the black market. Privacy experts are also calling the recent global ransomware attack that hit 150 countries a prime example of why requiring tech companies to create backdoors into computer programs is a bad idea.  The danger of those digital keys being stolen has the potential to wreak havoc.

The global computer hack that used a cyber-weapon developed by the National Security Agency (NSA), disrupted hospitals, universities, government offices, gas stations, ATM machines and more than 300,000 computers worldwide.  Less than 10 U.S. organizations reported attacks to the Department of Homeland Security.  The attack caused the most damage in Russia, Taiwan, Ukraine and India.

It’s the first time a cyber-weapon developed by the NSA has been stolen and released by hackers.   The NSA has neither confirmed nor denied that they developed the cyber-weapon.  Elements of the malicious software used in the attacks were part of a treasure trove of cyber-attack tools leaked by hacking group the Shadow Brokers in April.  One of the tools contained in the leak, codenamed EternalBlue, proved to be “the most significant factor” in the spread of the ransom ware used in the attack.

The ransom ware was transmitted by email and then encrypted thousands of computers, locking people out of their data and then threatened to destroy it unless a ransom was paid.  The cyberattack locked medical workers out of the computer systems at dozens of British and Indonesian hospitals, disrupted train schedules in Germany and froze government computers from Russia’s Interior Ministry to police stations in India.

The cyber-weapon used exploits weaknesses in Microsoft software.  The U.S. government have known for years about this weakness in the software but only told Microsoft about the vulnerability recently. Microsoft had fixed the problem a month prior to the EternalBlue leak on April 14^th but many high-profile targets had not updated their systems to stay secure.

The cyber-attack eased but the group who released the global WannaCry “ransomware” attack warned it would release more malicious code.  ShadowBrokers said they would release more recent code to enable hackers to break into the world’s most widely used computers, software and phones.  A blog post written by the group promised to release tools every month to anyone willing to pay for access to some of the tech world’s biggest commercial secrets.  It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. “More details in June,” it promised.

Cyber security researchers around the world have said they have found evidence that could link North Korea with the WannaCry cyber attack but that it is too early to confirm a definitive connection.