Posts Tagged ‘Spain’

Police Arrest Islamic State Suspect, 2 Others in Madrid — “Extremely dangerous profile similar to those involved in recent attacks”

June 21, 2017

MADRID — Spain’s Interior Ministry says police have arrested three Moroccans, including a suspected member of the Islamic State group considered to be a clear threat to national security.

A ministry statement Wednesday said the suspect had instruction manuals on jihadi suicide and electronic terrorism and was believed to have had internet contact with IS members in Syria and Iraq.

The ministry said he had an extremely dangerous profile similar to those involved in recent attacks in Britain and France and was considered a threat to Spain.

The ministry said he was working to indoctrinate the other two arrested.

The statement said Spanish police have been involved in the arrests of 172 suspected jihadi activists since the country raised its security alert to one step below the maximum in June 2015.

*************************************

MADRID — Spanish police arrested a 32-year-old Moroccan in a dawn raid in central Madrid on Tuesday who they said was “highly radicalized” and had a large collection of extreme Islamist material including a manual for suicide bombers, the government said.

Image result for spain, police, photos

Spanish police

Police also arrested two other Moroccan men aged 38 and 33 who lived with the first man in the residential apartment, the Interior Ministry said in a statement.

Television images showed armed police in riot gear storming the apartment building before dawn and men dressed in white robes and motorcycle helmets being grappled to the ground and handcuffed outside the apartment block.

The man had an extremely dangerous profile, similar to that of those who carried out recent attacks in Britain and France, the government said, without giving further details.

He had tried to recruit others to carry out an Islamist attack in Spain, it said.

(Reporting by Sonya Dowsett; Editing by Alison Williams)

Portugal is likely to see more massive forest fires

June 19, 2017

AFP

© AFP / by Laurence COUSTAL | Heat waves have become more frequent in Portugal, say experts

PARIS (AFP) – Highly exposed to global warming’s climate-altering impacts, Portugal is likely to see more massive forest fires such as the one — still raging — that has killed at least 60 people this weekend, experts say.- Why Portugal, why now? –

The Iberian peninsula encompassing Portugal and Spain is experiencing a warmer, drier June than usual, explains Thomas Curt, a researcher at France’s Irstea climate and agriculture research institute.

Added to that, the country has vast expanses of highly inflammable plants, including forests of pine and eucalyptus trees.

“Hotter air is synonymous with drier and more inflammable vegetation,” said Curt. “The more the mercury climbs, so does the risk of fires and their intensity.”

Temperatures in the region have warmed by more than the global average over the past half century, according to a 2014 review of climate change impacts on Portugal.

Heat waves have become more frequent, and annual rainfall slightly less, said the review published in the journal WIREs Climate Change.

More frequent and pronounced heat waves are expected in future, accompanied by a “substantial increase” in fire risk — “both in severity and in length of the fire season,” it said.

– Does global warming boost forest fire risk? –

“It is certain — we are experiencing a rise in temperatures,” said Curt.

The Northern hemisphere summer has lengthened over the past 50 years from July-to-August, to June-to-October now — meaning a longer fire risk season.

There has been an increase in major fires of more than 100 hectares, and so-called “megafires” of more than 1,000 hectares, the researcher added.

“It is truly a growing problem everywhere in the world, and notably in Mediterranean Europe.”

These mega blazes remain rare — only about 2-3 percent of all fires — but are responsible for about three-quarters of all surface burnt.

“Many analyses of climate change show that these major fires will become more and more likely,” said Curt.

– What to do? –

In the short term, reinforce firefighting capacity, deploy patrols, set up watchtowers to raise the alarm, and ban fire-making everywhere.

Over the longer term, human settlements and green areas will need to be substantially redesigned, experts say.

Some forest will have to be cut back, undergrowth cleared, and residential areas moved further from scrubland and forest borders, to reduce the risk to life and property.

“The focus of efforts should shift from combating forest fires as they arise to preventing them from existing, through responsible long-term forest management,” green group WWF said.

“Responsible forest management is more effective and financially more efficient than financing the giant firefighting mechanisms that are employed every year.”

In the yet longer term, added Curt, “of course, we need to curtail global warming itself.”

by Laurence COUSTAL

NHS was ‘repeatedly warned’ of cyber-attack, says Fallon — Spent £50m to improve its computer systems

May 14, 2017

BBC News

The NHS has been given about £50m to improve its computer systems, defence minister Michael Fallon says.

Hospital trusts were repeatedly warned about cyber threats before the attack on computer systems on Friday, defence secretary Michael Fallon has said.

He told BBC One’s Andrew Marr Show the NHS was given ‘a large chunk’ of money to improve its security.

Labour leader Jeremy Corbyn said on Saturday that an annual £5.5m deal with Microsoft to protect NHS devices had been renewed in 2014 but not since.

A handful of trusts are still dealing with disruption caused by the hack.

The ransomware, which locked users’ files and demanded payment to allow access, spread to 150 countries, including Spain, Russia, the US and China.

In England, 48 trusts reported problems at hospitals, GP surgeries or pharmacies and 13 NHS organisations in Scotland were also affected.

Some hospitals were forced to cancel treatment and appointments and, unable to use computers, many doctors resorted to using pen and paper.

‘Large chunk’ of funding

Asked by Andrew Marr if the government had failed to give the NHS proper support and failed to pay for ‘crucial’ upgrades to security in 2015, Mr Fallon said £1.9bn had been set aside for UK cyber-protection – when cyber-attacks were identified as one of three main threats to the UK’s defences.

Of that, he said: “We’re spending around £50m on the NHS cyber systems to improve their security. We have encouraged NHS trusts to reduce their exposure to the weakest system, the Windows XP.

Fewer than 5% of the trusts used XP now, he said.

“We want them to use modern systems that are better protected.

“We warned them, and they were warned again in the spring. They were warned again of the threats.

However, Kingsley Manning, a former chairman of NHS Digital, – which provides the health services’s IT systems – told the BBC on Saturday that several hundred thousand computers were still running on Windows XP.

Map of areas hit by the cyber attack

Europol head Rob Wainwright warned on ITV’s Peston on Sunday there was an escalating threat from the virus, known as Wanna Decryptor or WannaCry, as people returned to their workplace computers on Monday.

Security experts have warned another major cyber-attack could be imminentafter 125,000 systems across the globe were affected on Friday.

UK security researcher “MalwareTech”, who helped to limit the ransomware attack, has predicted another one coming as the new week begins.

‘Kill switch’

MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.

But he and fellow security researcher Darien Huss from tech firm Proofpoint, have warned the attack could happen again, without a “kill switch” in the virus that they say helped to stop its progress.

The cost of the attack is unknown, in the UK or beyond, but BBC analysis of three accounts linked to the ransom demands suggest hackers have already been paid the equivalent of £22,080.

The Liberal Democrats and Labour have both demanded an inquiry into the cyber-attack.

http://www.bbc.com/news/uk-39912825

Businesses brace for Monday as ransomware threat lingers

May 14, 2017

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration
.
By Jeremy Wagstaff and Jim Finkle | SINGAPORE/TORONTO

Technical staff scrambled on Sunday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.

The spread of the virus dubbed WannaCry – “ransomware” which locked up more than 100,000 computers – had slowed, cybersecurity experts said, but they warned that the respite may be brief.

New versions of the worm were expected, and the extent of the damage from Friday’s attack was still unclear.

 

A worker is seen completing final checks on the production line at Nissan car plant in Sunderland, northern England, June 24, 2010. REUTERS/Nigel Roddis/File photo

Marin Ivezic, cybersecurity partner at PwC, said that some clients had been “working around the clock since the story broke” to restore systems and install software updates, or patches, or restore systems from backups.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as “Eternal Blue,” was released on the internet in March by a hacking group known as the Shadow Brokers.

The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.

Hong Kong-based Ivezic said that the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching which is causing some inconvenience.”

He declined to identify which clients had been affected.

MONDAY MORNING RUSH?

Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.

“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.

Targets both large and small have been hit.

Renault on Saturday said it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems.

Among the other victims is a Nissan manufacturing plant in Sunderland, northeast England.

Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.

German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.

In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.

Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

A Jakarta hospital said on Sunday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues on Monday when about 500 people were due to register.

In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician’s error had led to 12 kiosks being infected in two of the island’s malls. Director Dennis So said the systems were not connected to the malls’ or tenants’ networks.

Symantec, a cybersecurity company, predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise.

Governments and private security firms on Saturday said that they expected hackers to tweak the malicious code used in Friday’s attack, restoring the ability to self-replicate.

“This particular attack was relatively easy to shut down,” said Bryce Boland, Asia Pacific chief technology officer for FireEye, a cybersecurity company.

But he said it would be straightforward for the existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.

The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security.

(Additional reporting by Additional reporting by Neil Jerome Morales, Masayuki Kitano, Kiyoshi Takenaka, Jose Rodriguez, Emmanuel Jarry, Orathai Sriring, Jemima Kelly, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen; Editing by Mike Collett-White)

Related:
.
.

More Cyberattack Victims Emerge as Agencies Search for Clues

May 13, 2017

List of those affected grows to include Deutsche Bahn, Russian banks

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei.

A programmer shows a sample of a ransomware cyberattack on a laptop in Taipei. PHOTO: RITCHIE B. TONGO/EUROPEAN PRESSPHOTO AGENCY
.

Updated May 13, 2017 8:12 a.m. ET

Governments and executives scrambled Saturday to recover from a cyberattack that wreaked havoc on computer systems around the world, as the list of victims grew to include Germany’s main rail operator and a swath of the Russian banking system.

Deutsche Bahn AG said the attack had affected its digital display panels​ at stations across Germany, and it expects the disruptions to last​some time.

The state-owned company, which operates roughly 40,000 trains a day, said rail services were unaffected.

A number of Russian banks were also hit but had successfully defended against the attack, state news agency RIA cited the country’s central bank as saying. News agency Interfax reported that Sberbank , Russia’s largest lender, had said it was among those affected. Russia’s main rail operator, too, said it had been hit but services hadn’t been affected, Interfax reported.

The China News Service reported that some gas stations belonging to China National Petroleum Corp. in Beijing, Shanghai, Chongqing and elsewhere had their networks disrupted and could only accept cash as payment. The state media also reported that some Chinese universities appeared to have been hit.

The attacks ricocheted around the world Friday as companies and others reported their computer systems had been disrupted by malicious software that encrypted files and asked for ransom money. FedEx Corp. in the U.S. and Britain’s National Health Service were among the highest-profile organizations hit Friday.

U.K. Home Secretary Amber Rudd said Saturday that authorities hadn’t yet determined who was responsible for the attack on the country’s health service, and that the National Cyber Security Centre was working to contain the disruption.

She said 45 NHS facilities in England and Scotland have been disrupted. The U.K. government said no patient data had been accessed or transferred. Ciaran Martin, head of the National Cyber Security Centre, said experts were working around the clock to restore NHS systems.

“We’re not able to tell you who’s behind the attack,” Ms. Rudd said. “That work is still ongoing…It feels random in terms of where it’s gone to and where it’s been opened.”

She said Britain was coordinating with other nations affected.

Europol, the European Union’s police agency, said its cybercrime center was working closely with units in the affected countries and industry partners to mitigate the threat and assist victims.

“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” Europol said in a statement, adding that its specialist international cyber investigators would play an important role in that probe.

Computer security incident response teams from all 28 EU member states have exchanged information about the attack through a previously established mailing list also monitored by the EU’s cybersecurity agency, Enisa. Experts at Enisa specialized in health-care and other affected areas are also closely monitoring the situation, the EU said.

The head of Germany’s BSI Office for Information Security said the agency was in touch with German companies and its international partners and France and the U.K.

“The current attacks show how vulnerable our digitized society is. They are a wake-up call for companies to finally take IT security seriously and to take lasting protectionism measures,” said BSI President Arne Schönbohm in a statement.

German Interior Minister Thomas de Maizière said the government’s network wasn’t affected.

​”This attack isn’t the first of its kind,” he said in a statement. “Even though it’s particularly serious, it fits into the very tense cyberthreat situation to which the BSI and the German Interior Ministry have repeatedly pointed out.”

U.S. authorities have said cyberattacks via ransomware are a growing problem, having previously hit entire computer networks at universities, businesses and hospitals. Last year, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to unlock files after an attack crippled a large part of its computer systems.

Friday’s attack appears to have exploited a vulnerability in Windows for which Microsoft Corp. issued a patch in March. Several cybersecurity specialists said the same vulnerability was targeted in software released in April by a hacking group calling itself “Shadow Brokers,” which said it had stolen the attack code from the National Security Agency.

Former U.S. intelligence contractor Edward Snowden pointed the finger at the NSA, implying the agency was responsible for exploiting a weakness in Windows.

Ransomware attacks are surging, claiming victims like Dave Winston, crew chief with Circle Sport-Leavine Family Racing. What are these digital attacks and why are hackers using them to hold data hostage? Photo: Joe Chisholm for Circle Sport-Leavine Family Racing (Originally published Aug. 19, 2016)

“If NSA builds a weapon to attack Windows XP—which Microsoft refuses to patch—and it falls into enemy hands, should NSA write a patch?” he wrote on Twitter late Friday.

The NSA has declined to comment on the authenticity of the Shadow Brokers documents.

A Microsoft spokeswoman said that in addition to the March patch, the company added new protections Friday to shield users from the malicious software. Anyone running Microsoft’s antivirus software with Windows updates enabled is protected, and the company is providing assistance to customers, the spokeswoman said.

Write to Andrea Thomas at andrea.thomas@wsj.com and Thomas Grove at thomas.grove@wsj.com

https://www.wsj.com/articles/more-cyberattack-victims-emerge-as-agencies-search-for-clues-1494671938

Related:

Mysterious hacking collective called ‘The Shadow Brokers’ stole NSA superweapon and caused global cyber attack that has shut hospitals, hit FedEx and is causing chaos in 99 countries

May 13, 2017

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries - and pop-ups like this one have appeared demanding a ransom
  • Hackers hit dozens of countries on Friday by exploiting a stolen tool used by the US National Security Agency  
  • The cyber attack rapidly spread and infected computers across the globe 
  • Hackers are believed to have exploited the NSA tool, which was stolen and released to the world by a group known as the Shadow Brokers last month
  • British hospitals, the Russian government and German railways were among those affected by the cyber attack 
  • Victims have been reported in 99 countries including Germany, Spain and USA

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

British hospitals, the Russian government, German railways and big companies like FedEx were among those affected on Friday when they were crippled by the ‘ransomware’ that rapidly spread across the globe and infected tens of thousands of computers in 99 countries.

Security experts say the malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was identified by the US National Security Agency for its own intelligence-gathering purposes.

The NSA documents were stolen and then released to the world last month by a mysterious group known as the Shadow Brokers.

The hackers, who have not come forward to claim responsibility, likely made it a ‘worm’, or self spread malware, by exploiting a piece of NSA code known as Eternal Blue, according to several security experts.

The Shadow Brokers released Eternal Blue last month as part of a trove of hacking tools that they said belonged to the US spy agency. It has stoked fears that the spy agency’s powerful cyber weapons had been stolen and repurposed by hackers with nefarious goals.

The malicious software was blocking access to computers and demanding payments of as much as $600 to restore access and scrambling data. It is thought to have impacted at least 75,000 computers, including machines in the Russian government.

Scroll down for video

This map released by cybersecurity experts, shows the impact of the ransomware around the world - with affected countries shown in orange and red. Russia is thought to be the worst affected

This map released by cybersecurity experts, shows the impact of the ransomware around the world – with affected countries shown in orange and red. Russia is thought to be the worst affected

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries - and pop-ups like this one have appeared demanding a ransom

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries – and pop-ups like this one have appeared demanding a ransom

The technological meltdown began earlier on Friday afternoon in Britain when more than 40 NHS organisations including hospitals and GP surgeries were hit by the virus.

But with the virus spreading at a rate of five million emails per hour, tens of thousands of victims have now been reported in 99 countries including the US, Australia, Belgium, France,Germany, Italy and Mexico.

Russia is thought to have been among the worst hit by the ransomware amid reports that 1,000 computers in the country’s Interior Ministry were affected, but sources say no information was leaked.

Ministry spokeswoman Irina Volk told Russian news agencies it had ‘recorded a virus attack on the ministry’s personal computers controlled by a Windows operating system.’

WHO HAS BEEN AFFECTED BY CYBER ATTACK?

The UK’s National Health Service: British hospitals and clinics were forced to send patients away and cancel appointments.

Russia: The country was believed to be among the worst hit when computers in the interior ministry were hit. Megafon – Russia’s second largest phone network – had also been affected.

German railway stations: Photos surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

Spanish companies: Telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

FedEx: The shipping company confirmed they were affected and were implementing remediation steps.

Leading international shipper FedEx Corp was among the companies whose Microsoft Corp Windows systems were affected. They said they were ‘implementing remediation steps’.

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

In Spain, the Telefonica mobile phone network, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

Some big firms in Spain took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of ‘a massive ransomware attack’.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.

Security teams at large financial services firms and businesses were reviewing plans for defending against cyber attacks, according to executives with private cyber security firms.

Chris Wysopal, chief technology officer with cyber security firm Veracode, said: ‘Seeing a large telco like Telefonica get hit is going to get everybody worried.

‘Now ransomware is affecting larger companies with more sophisticated security operations.’

A cybersecurity researcher told AFP they appeared to have discovered a ‘kill switch’ that could prevent the spread of the ransomware for now.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

‘Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,’ @MalwareTechBlog told AFP in a private message on Twitter.

The researcher warned however that people ‘need to update their systems ASAP’ to avoid attack: ‘The crisis isn’t over, they can always change the code and try again.’

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media showing ticket machines at train stations having been affected

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media showing ticket machines at train stations having been affected

Medics have claimed that messages are flashing up on screens saying they must pay cash or terminals are down completely

Medics have claimed that messages are flashing up on screens saying they must pay cash or terminals are down completely

Some hospitals said they were forced to divert emergencies on Friday after a suspected national cyber attack.

Some hospitals said they were forced to divert emergencies on Friday after a suspected national cyber attack.

Several computers at a university in Italy were also randomly targeted in the cyber attack

Several computers at a university in Italy were also randomly targeted in the cyber attack

Computer expert Lauri Love, who is facing extradition to the US over the alleged theft of data from government computers, said the attack is being powered by a ‘top of the range cyber weapon’ used by spies in the US.

‘It appears the cyber attack affected so many computers in the UK in the NHS and in Spain by taking advantage of a very nasty vulnerability in Microsoft Windows, which was dumped by hacking group Shadow Brokers who obtained it from the NSA in America.’

RANSOMWARE: THE CYBER ATTACK THAT CRIPPLED THE WORLD

What is ransomware?

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.

The aggressive attacks dupe users into clicking on a fake link – whether it’s in an email or on a fake website, causing an infection to corrupt the computer.

In some instances, adverts for pornographic website will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.

What is the WannaCry virus?

The WannaCry virus targets Microsoft’s widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities

In December last year it was revealed about 90 per cent of NHS Trusts were still running Windows XP, two and a half years after Microsoft stopped supporting the system.

Citrix, an American software company, sent a Freedom of Information request to 63 NHS Trusts, 42 of which responded. It revealed that 24 Trusts were unsure when they would even upgrade, The Inquirer reported.

Windows XP was released more than 15 years ago and is now particularly vulnerable to viruses. Microsoft stopped providing virus warnings for the ageing Windows XP in 2015.

A number of UK hospitals continue to run the outdated software, including East Sussex, Sheffield’s Children’s hospital and Guy’s and St Thomas’ NHS Trust.

Hours after news of the cyber attacks broke, a Microsoft spokesman revealed that customers who were running the company’s free antivirus software and who had enabled Windows updates were ‘protected’ from the attack.

It raises questions about why NHS computers using the operating system were not shielded from the ransomware.

The spokesman said: ‘Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

‘In March, we provided a security update which provides additional protections against this potential attack.

‘Those who are running our free antivirus software and have Windows updates enabled, are protected.

‘We are working with customers to provide additional assistance.’

One message circulated online claims the hackers demand 300 US dollars (£230) in the virtual currency bitcoins to relinquish control of their IT systems.

The pop-up contains a countdown clock with a deadline of next Friday. At least 10 payments of around USD$ 300 have been made to Bitcoin accounts that the hackers have asked to be paid on Friday.

But, although all Bitcoin transactions are public, we cannot see who made the payments so cannot know if they have been made by anyone in the NHS.

‘Non urgent’ appointments and operations were postponed across the UK and some hospitals diverted ambulances to neighbouring ones to ensure patient safety.

Computer systems were switched off or immobilised and key services including the bleeper system for doctors were also believed to be down.

In the minutes after the attack one doctor in the UK tweeted: ‘Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. A******s’.

NHS Digital, which is responsible for the health service’s cyber security, says computer systems are believed to have been hit by a ransomware cyber attack using malware called ‘Wanna Decryptor’.  Three hospitals in America were hit in the same way last year.

Ransomware: How do hackers take your data hostage?

Ransomware: How do hackers take your data hostage?

The National Cyber Security Centre is investigating and is working with Britain’s FBI – the National Crime Agency. 

GP surgeries hit in the attack say their phones went down and patients should avoid calling unless ‘absolutely necessary’ and doctors were back to using pen and paper in some areas.

Explaining the fallout, one doctor said in a message shared on Twitter: ‘So our hospital is down. We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.’

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: ‘Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.

‘Nobody can recover your files without our decryption service.’

It goes on to demand payment, otherwise the files will be deleted. It gives a deadline of next Friday afternoon, May 19, to pay.

The HSJ said services affected were thought include archiving systems for X-rays, pathology test results, phone and bleep systems, and patient admin systems.

OUR SCREENS WERE ‘WIPED OUT ONE BY ONE’

A shocked worker at Colchester General Hospital described how her office’s computers were ‘wiped out, one by one’.

She said: ‘My computer locked at about 3pm and I couldn’t get anything to work. Then my colleague sat next to me said her computer was down.

‘It swept through the office and everyone was effected and didn’t know what was going on. One by one the computers were wiped out.

‘Nothing was working and switching them off and on did not solve the problems.

The NHS has been hit by a major cyber attack and criminals have taken control of computers and cut off phone lines across England, leaving some departments working with pen and paper

The NHS has been hit by a major cyber attack and criminals have taken control of computers and cut off phone lines across England, leaving some departments working with pen and paper

‘Some of our colleagues from a neighbouring department came in and they’d been told to unplug their internet cables and await further instruction.’

The health worker said the effect of such a hack on modern hospitals would be catastrophic because ‘all the doctors’ notes’ are kept on the computers now.

‘They record their notes to a dictaphone during a consultation but that’s only so the the notes can be typed up and stored on the computer.

‘It’s very worrying that the impact has been so far-reaching in such a short space of time.’

A Colchester Hospital University NHS Foundation Trust spokesman, which runs Colchester General, confirmed patients are being warned to told to avoid A&E where possible.

According to a hospital official statement patients are being warned that all non-urgent activity is being postponed.

Hackers demand ransom money in major NHS cyber attack
East and North Herts NHS Trust issued this warning to patients on their website

East and North Herts NHS Trust issued this warning to patients on their website

Blackpool Victoria Hospital is one of many across the country hit - operations have been cancelled and ambulances diverted 

Blackpool Victoria Hospital is one of many across the country hit – operations have been cancelled and ambulances diverted

Ambulances outside the accident and emergency department (stock image)

Ambulances outside the accident and emergency department (stock image)

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems.

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems.

Barts NHS Trust in east London said they are treating it as a ‘major incident’ to ensure they can ‘maintain the safety and welfare of patients’.

A spokesman said: ‘We are experiencing a major IT disruption and there are delays at all of our hospitals.

‘Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital but direct line phones are working. All our staff are working hard to minimise the impact and we will post regular updates on the website’.

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems. Colchester University Hospitals Trust is also a victim as is neighbouring Chelmsford in Essex.

York Teaching Hospital NHS Foundation Trust which runs York and Scarborough hospitals has confirmed its computers have been affected by the widespread attack.

They have urged people to be patient and avoid calling GP surgeries and hospitals unless ‘absolutely necessary’.

NHS Merseyside said: ‘Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services’.

Read more: http://www.dailymail.co.uk/news/article-4500738/NHS-hack-huge-global-cyber-attack.html#ixzz4gwZ7JYCh
Follow us: @MailOnline on Twitter | DailyMail on Facebook

Related:

Major cyber attack hits companies, hospitals, schools worldwide

May 13, 2017

Reuters

Sat May 13, 2017 | 2:18am EDT

By  Costas Pitas and Carlos Ruano | LONDON/MADRID
.

A global cyber attack leveraging hacking tools believed to have been developed by the U.S. National Security Agency has infected tens of thousands of computers in nearly 100 countries, disrupting Britain’s health system and global shipper FedEx.

Image result for FedEx, aircraft, photos

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.

Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

Asian countries reported no major breaches on Saturday, but officials in the region were scrambling to check and the full extent of the damage may not be known for some time.

China’s official Xinhua news agency said some secondary schools and universities had been affected, without specifying how many or identifying them.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.

FROM ARGENTINA TO SPAIN

Only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur added.

Infections of the worm appeared to have fallen off significantly after a security researcher bought a domain that the malware was connecting to, by chance undermining the malware’s effectiveness.

An ambulance waits outside the emergency department at St Thomas’ Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

Making the domain active appears to have stunted the spread of the worm, Thakur said on Saturday.

“The numbers are extremely low and coming down fast,” he said, while cautioning that any change in the original code could lead the worm to flare up again.

The U.S. Department of Homeland Security said late on Friday it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.

An ambulance waits outside the emergency department at St Thomas’ Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth
.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm”, or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

.

TECHNOLOGY NHS 160396

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

Microsoft said it was pushing out automatic Windows updates to defend clients from WannaCry. It issued a patch on March 14 to protect them from Eternal Blue.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement on Friday, adding it was working with customers to provide additional assistance.

SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that began the previous week when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.Also, the hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service (NHS) are important issues.

Authorities in Britain have been braced for cyber attacks in the run-up to the vote, as happened during last year’s U.S. election and on the eve of the French vote.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted. The interior ministry said on its website that about 1,000 computers had been infected but it had localized the virus.

Sberbank head office.jpg

Sberbank

The emergencies ministry told Russian news agencies it had repelled the cyber attacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

NEW BREED OF RANSOMWARE

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transport systems and utilities in the United States and Europe.

“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” said Chris Wysopal, chief technology officer with cyber security firm Veracode.

The news is also likely to embolden extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Center of “a massive ransomware attack”.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

The attacks did not disrupt the provision of services or networks operations of the victims, the Spanish government said in a statement.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Rosalba O’Brien, Julien Toyer, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham; Editing by Rob Birsel and Mike Collett-White)

Related:

NHS cyber-attack — Experts strive to restore NHS computers — Warnings of impending attacks ignored for months

May 13, 2017

BBC News

IT experts are “working round the clock” to restore NHS computer systems hit by Friday’s ransomware attack.

Ciaran Martin, head of the UK’s cyber security agency, said it was doing “everything in our power” to get “vital services” back up and running.

The BBC understands about 40 NHS organisations and some GP practices were hit in England and Scotland, with operations and appointments cancelled.

Theresa May said the NHS had been caught up in an international attack.

Similar computer infections have been reported in a range of organisations in about 100 countries.

Some British hospitals and GPs were unable to access patient data after their computers were locked by the malicious program.

The NHS has not been affected in Wales and Northern Ireland.

‘Highly technical’

NHS Digital said there was no evidence patient data had been compromised,

NHS England said patients needing emergency treatment should go to A&E or access emergency services as they normally would.

However, some ambulances have been diverted from affected hospitals and individual trusts have asked people not to attend unless it is urgent.

Mr Martin, who leads the National Cyber Security Centre – part of GCHQ – said “thousands of organisations and individuals in dozens of countries” had been hit by the attack.

Those responsible have not been identified yet.

He told the BBC: “It’s important to understand that cyber attacks can be different from other forms of crime in that their sometimes highly technical and anonymous nature means it can take some time to understand how it worked, who was behind it and what the impact is.

“But our commitment is we will be as open as we can be, as soon as we can be, as our investigation continues.

“NHS cyber-attack: How doctors and patients reacted.

 

NHS cyber-attack: How doctors and patients reacted
Video: http://www.bbc.com/news/health-39906019

The malware used in the attack is called WannaCry and attacks Windows operating systems.

The malware used in the attack is called WannaCry and attacks Windows operating systems.

It encrypts files on a user’s computer, blocking them from view, before demanding money, via an on-screen message, to access them again.

The demand is for a payment of $300 (£230) in virtual currency Bitcoin to unlock the files.

The virus is usually covertly installed on to computers by hiding within emails containing links, which users are tricked into opening.

Security chiefs and ministers have repeatedly highlighted the threat to Britain’s critical infrastructure and economy from cyber-attacks.

‘Hit the go button’

The former director for intelligence and cyber operations at GCHQ, Brian Lord, told BBC’s Newsnight that the NHS was particularly vulnerable to such attacks because of its ageing IT systems.

“Also [it has] very, very complex interconnectivity between surgeries, trusts, boards and so on,” he said.

“So, as a consequence, there is an awful lot of openings for delivery of this type of basic malware.”

Convicted hacker Jake Davis also told the programme: “The most terrifying thing about this is how simple it is.

“It might have been a sophisticated criminal organisation or it might have just been some kid who hit the go button and a worm has just spread when they went to take a nap.”

He said that two months ago Microsoft had issued a patch for the bug exploited by the virus, but some systems had not applied it.

In Russia, the Interior Ministry said about 1,000 computers had been hit.

Global impact

People tweeted photos of affected computers from other countries, including at a local railway ticket machine in Germany and in a university computer lab in Italy.

A number of Spanish firms – including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural – suffered from the outbreak.

Portugal Telecom, delivery company FedEx, a Swedish local authority and Megafon, the second largest mobile phone network in Russia, also said they had been affected.

Includes videos:

http://www.bbc.com/news/health-39906019

*********************************************

U.K. Health Service, Targeted in Cyberattack, Ignored Warnings for Months

LONDON — Britain’s National Health Service ignored numerous warnings over the last year that many of its computer systems were outdated and unprotected from the type of devastating cyberattack it suffered on Friday.

The attack caused some hospitals to stop accepting patients, doctor’s offices to shut down, emergency rooms to divert patients, and critical operations to be canceled as a decentralized system struggled to cope.

At some hospitals, nurses could not even print out name tags for newborn babies. At the Royal London Hospital, in east London, George Popescu, a 23-year-old hotel cook, showed up with a forehead injury. “My head is pounding and they say they can’t see me,” he said. “They said their computers weren’t working. You don’t expect this in a big city like London.”

In a statement on Friday, the N.H.S. said its inquiry into the attack was in its early phases but that “at this stage we do not have any evidence that patient data has been accessed.”

Many of the N.H.S. computers still run Windows XP, an out-of-date software that no longer gets security updates from its maker, Microsoft. A government contract with Microsoft to update the software for the N.H.S. expired two years ago.

Microsoft discontinued the security updates for Windows XP in 2014. It made a patch, or fix, available in newer versions of Windows for the flaws that were exploited in Friday’s cyberattacks. But the health service does not seem to have installed either the newer version of Windows or the patch.

“Historically, we’ve known that N.H.S. uses computers running old versions of Windows that Microsoft itself no longer supports and says is a security risk,” said Graham Cluley, a cybersecurity expert in Oxford, England. “And even on the newest computers, they would have needed to apply the patch released in March. Clearly that did not happen, or the malware wouldn’t have spread this fast.”

Just this month, a parliamentary research briefing noted that cyberattacks were viewed as one of the top threats facing Britain. The push to make medical records systems more interconnected might also make the system more vulnerable to attack. Britain plans to digitize all patient records by 2020.

Several news reports have addressed the outdated systems of the N.H.S. that potentially left confidential patient data vulnerable to attack. Last November, Sky News did an investigation showing that units of the N.H.S., serving more than two million people, spent nothing on cybersecurity in 2015. Jennifer Arcuri, of Hacker House, which worked with Sky on the report, said then: “I would have to say that the security across the board was weak for many factors.”

Souce: https://www.nytimes.com/2017/05/12/world/europe/nhs-cyberattack-warnings.html?ribbon-ad-idx=5&rref=world/europe&module=Ribbon&version=context&region=Header&action=click&contentCollection=Europe&pgtype=article
.

Read the rest:

British Hospitals Suffer Major Cyber Attack-What Do We Know So Far?

May 12, 2017

LONDON — Britain’s National Health Service said it had suffered a major cyber attack on Friday, disrupting hospitals all over England.

The health service said it had been hit with malicious software known as ‘ransomware’ that locks up computers and demands ransoms to restore access, but that so far it did not believe patient data had been accessed.

Below is what is known about the incident so far. For the latest updates, see:

* Hospitals have reported major disruption to their IT systems. People have been asked not to visit unless they need immediate medical attention.

* The attacks span the length of England. The NHS said 16 of its organizations – some containing several hospitals – have been affected.

* It was not immediately clear whether patients had suffered as a result of the attack.

* In addition to London, there have been media reports of problems in Northumbria in the north east, Merseyside in the north west, and Essex in the south. There are no reports of attacks in Scotland or Wales so far.

* The National Health Service said it was a “ransomware attack” – a type of extortion. Computer users are locked out of their software and asked to pay up large sums of money to regain control. It said it believed the malware variant is called”Wanna Decryptor”.

* Spain’s government warned that a large number of companies had been attacked by cyber criminals who infected computers with“ransomware”. * The NHS said it did not have any evidence that patient data had been accessed. * A reporter from the Health Service Journal said the attack had affected x-ray imaging systems, pathology test results, phone and bleep systems, and patient administration systems.

* Britain’s National Crime Agency said it was aware of the reports of a cyber attack but made no further comment.

(Compiled by Andy Bruce, Additional reporting by Kate Holton, Michael Holden and David Milliken; editing by Stephen Addison)

Related:

Several Spanish firms targeted in cyber attacks

May 12, 2017

AFP

© AFP/File | Spain’s national cryptology centre said the ransomware used affected the Windows operating system

MADRID (AFP) – 

Telecom giant Telefonica and several other Spanish companies were targeted in cyber attacks Friday, the government said.

The energy ministry said it had “confirmation of various cyber attacks targeting Spanish companies”, adding the attackers used so-called ransomware which blocks access to files until a ransom is paid.

Some staff computers at the firms were affected, but service and network operations were not, the ministry said.

The firms’ clients were also unaffected.

It added that there had been no breach of data security.

Spain’s national cryptology centre, a division of the country’s intelligence services, said the ransomware used in the attacks was of the WannaCry type which locks targeted files with a secret encryption algorithm.

It affected Windows operating systems and any linked networks, it said.

Telefonica reacted by switching off all computers at its Madrid headquarters, after hundreds of PCs came under attack, a source at the company told AFP.

Telefonica staff were told in megaphone announcements to urgently shut down their workstations, the source said.

Spanish energy company Iberdrola, a client of Telefonica, meanwhile shut down its computers as a precaution, a spokesman told AFP, but later found them to be unaffected by the attacks.