Ransomware attacks spread 'world wide'

Written by Enrico Frumento, CEFRIEL


 

Today, the 12th of May, a few hours ago, this news spread around the world: ransomware infections reported worldwide. Several news sites, for example the BBC, report that a huge ransomware attack is ongoing.
«There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan».

Hackers using a tool stolen from the United States government conducted extensive cyberattacks on Friday that hit vast sections of Europe and Asia, severely disrupting Britain’s public health system and wreaking havoc on computers in at least 11 other countries, including Russia.

This was of course already known on the specialised sites, and we also tweeted about it earlier:


In any case, this operation had already been in the air for a few days. The following is a tweet by DOGANA from two days ago:


The English government also seems to be aware of its critical situation with the NHS (National Healthcare System). The following is a recent report, also tweeted by DOGANA:

 

In our opinion, there are some elements of this story that have barely been considered in the papers covering it.

1) All of this could be a dress rehearsal for a global knock-out of the NHSs around the world, in order to launch a coordinated cyber and real-world terrorist attack. This is a not-so-sci-fi scenario that we have already discussed twice on our blog:
- Which could be the consequences of a social engineering attack?
- Health and unSafety. Why is your medical data so valuable? 10 famous recent hackings to healthcare systems


2) In the past few days the bitcoin market saw a huge increase in bitcoin exchange rates. It is quite probable that someone coordinated this operation, for example to force a market poisoning or a pump-and-dump operation or, as now seems possible, to increase the value of ransoms.


3) Healthcare has been closely monitored by cybercriminals for a long time, but only lately have they realized how valuable it is. On the one hand, the specific infection we are discussing in this post is an opportunistic one and infected not only healthcare but everyone with a specific vulnerability. That said, the prevalence of infections in healthcare, although probably also used by journalists to pump up the news, is significant and must be interpreted. A few days earlier, the 3rd annual Healthcare Breach Report said that 2016 healthcare breaches hit an all-time high (328), surpassing 2015 (268).


4) This attack involves a specific bug (MS17-010, known for a few months and for which a patch was already released by Microsoft in March), which allows the attack to spread automatically within the infected network. Despite this, the initial point of contact still remains phishing in general or some other socially engineered message. Social engineering IS the king of these types of attacks, and healthcare operators are definitely more vulnerable to these things than other industries, not only due to technical problems. We also argued this at the latest mobiHealth conference:

 

 


 

 




This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618