'Ransomware' wave seemed aimed at old flaw and Ukraine

June 28, 2017
Ukraine's central bank says a cyberattack hit several lenders in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures

A global wave of cyberattacks exploited an already patched vulnerability in Windows software and appeared to have Ukraine as a primary target, according to computer security specialists.

The first reports of trouble came from Ukrainian banks, Kiev's main airport and Rosneft, in a major incident reminiscent of the recent WannaCry virus.

WannaCry was a version of that, once in a computer, locked away data from users who were then told to pay to have access returned to their own files.

The bedeviling onslaught Tuesday was also being referred to as ransomware by US software titan Microsoft and specialists.

"Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010)," a Microsoft spokesperson told AFP.

After the WannaCry scourge in May, Microsoft called on people to protect machines with the MS17-010 patch.

The flaw—and the means to exploit it—had previously been disclosed in pirated documents about cyber weapons at the US National Security Agency.

Microsoft said that its anti-virus software detects and removes the ransomware used in the latest attack.

Microsoft is continuing to investigate the latest cyberattack and will take necessary steps to protect customers, the spokesperson said.

People were also urged to be wary of clicking on email attachments or shared links, since that is a common trick used to unleash malicious code on computers.

"As ransomware also typically spreads via email, customers should exercise caution when opening unknown files," the Microsoft spokesperson said.

Identification of the way the latest ransomware initially got into machines was proving challenging, and the use of email was not confirmed, according to a post by Cisco Talos threat intelligence.

"Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc," Cisco Talos wrote.

Ukraine's central bank said several lenders had been hit in the country, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.

The virus is "spreading around the world, a large number of countries are affected," Costin Raiu, a researcher at the Moscow-based Kaspersky Lab said in a Twitter post.

The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution difficult, Group IB spokesman Evgeny Gukov said.

Explore further: Multinationals hit by vast wave of cyberattacks

Related Stories

Alarm grows over global ransomware attacks

May 12, 2017

Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.

Explainer: What is ransomware?

May 13, 2017

Computers across the world were locked up Friday and users' files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies.

Recommended for you

Archaeologists discover Incan tomb in Peru

February 16, 2019

Peruvian archaeologists discovered an Incan tomb in the north of the country where an elite member of the pre-Columbian empire was buried, one of the investigators announced Friday.

Where is the universe hiding its missing mass?

February 15, 2019

Astronomers have spent decades looking for something that sounds like it would be hard to miss: about a third of the "normal" matter in the Universe. New results from NASA's Chandra X-ray Observatory may have helped them ...

What rising seas mean for local economies

February 15, 2019

Impacts from climate change are not always easy to see. But for many local businesses in coastal communities across the United States, the evidence is right outside their doors—or in their parking lots.

The friendly extortioner takes it all

February 15, 2019

Cooperating with other people makes many things easier. However, competition is also a characteristic aspect of our society. In their struggle for contracts and positions, people have to be more successful than their competitors ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.