This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html
The article has changed 7 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Global Cyberattack: What We Know and Don’t Know | Global Cyberattack: What We Know and Don’t Know |
| (about 2 hours later) | |
| A quickly spreading ransomware attack is hitting countries across the world including Ukraine, Russia, Spain, France and the United States, just weeks after a ransomware attack known as “WannaCry.” | A quickly spreading ransomware attack is hitting countries across the world including Ukraine, Russia, Spain, France and the United States, just weeks after a ransomware attack known as “WannaCry.” |
| • Several private companies have confirmed that they have been hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain of France, and the Russian steel, mining and oil firms Evraz and Rosneft. | • Several private companies have confirmed that they have been hit by the attack, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, Saint-Gobain of France, and the Russian steel, mining and oil firms Evraz and Rosneft. |
| • Photographs and videos of computers affected by the attack show a message of red text over a black screen. The message read: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.” | |
| • Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya. One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before. | • Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya. One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before. |
| • Kaspersky reported that approximately 2,000 computer systems had been affected by the new ransomware so far. | • Kaspersky reported that approximately 2,000 computer systems had been affected by the new ransomware so far. |
| • Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue. | • Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue. |
| • Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. The same vulnerability was used in May to spread the WannaCry ransomware, in which hundreds of thousands of computers in over 150 countries were affected. | • Eternal Blue was leaked online last April by a mysterious group of hackers known as the Shadow Brokers, who have previously released hacking tools used by the National Security Agency. The same vulnerability was used in May to spread the WannaCry ransomware, in which hundreds of thousands of computers in over 150 countries were affected. |
| • Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some of the victims appear to be paying the ransom. | • Several cybersecurity researchers have identified a Bitcoin address to which the attackers are demanding a payment of $300 from their victims. At least some of the victims appear to be paying the ransom. |
| • Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track. | • Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track. |
| • Why it is spreading as quickly as it is. Cybersecurity researchers believe that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It is not yet known if the new ransomware uses any new vulnerabilities, or variants of the vulnerabilities, made public by the group known as the Shadow Brokers. | • Why it is spreading as quickly as it is. Cybersecurity researchers believe that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It is not yet known if the new ransomware uses any new vulnerabilities, or variants of the vulnerabilities, made public by the group known as the Shadow Brokers. |
| • It’s unclear if systems protected against WannaCry can still be affected by the new ransomware attack. | • It’s unclear if systems protected against WannaCry can still be affected by the new ransomware attack. |
| • Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims an email that includes a link, or a file, which appears innocuous, but which contains dangerous malware. | • Ransomware is one of the most popular forms of online attack today. It typically begins with attackers sending their victims an email that includes a link, or a file, which appears innocuous, but which contains dangerous malware. |
| • Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders, and drives on that computer. In some cases, the entire network the computer is connected to can become infected. | • Once a victim clicks on the link or opens the attachment, the computer becomes infected. The program encrypts the computer, essentially locking the user out of files, folders, and drives on that computer. In some cases, the entire network the computer is connected to can become infected. |
| • The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency. | • The victim then receives a message demanding payment in exchange for attackers unlocking the system. The payment is usually requested in Bitcoin, a form of digital currency. |