
Asia-Pacific Region Intelligence Center


Cyber-attack virus may be based on technology developed by a US government agency

CIA bear 허관(許灌) 2017. 5. 14. 16:36


Regarding the large-scale cyber-attack that has hit companies and other organizations around the world, the Czech-based security firm Avast announced on the 13th that the number of confirmed victims had risen further, to more than 126,000 in 104 countries and regions.

Major Western media have reported that a hacker group may have stolen and abused technology that the US intelligence agency NSA, the National Security Agency, developed for its intelligence-gathering activities.

A hacker group calling itself the 'Shadow Brokers' claimed in August last year to have stolen the technology from the NSA and solicited buyers online; as no one responded, the group is reported to have released it for free last month.

Who is behind this cyber-attack has not yet been determined.

The NSA has not stated a position, including on whether the technology was stolen by hackers.

The virus used in this attack infects computers by exploiting a specific vulnerability in Microsoft's Windows operating system. Microsoft disclosed the vulnerability and distributed a security patch in March, but computers that had not applied the patch appear to have been hit.


Hacking attacks across the globe... operations paralysed at British hospitals and elsewhere

Screen of a UK National Health Service (NHS) computer infected with 'ransomware'.

Cases of damage from hacking attacks are being reported across the globe.

According to security firms, 'ransomware', a virus that blocks use of a computer unless a sum of money is paid, has been rampant since around the 12th.

Security firms currently estimate that 40,000 to 50,000 computers have been infected with this ransomware, and cases have been confirmed in dozens of countries including the United States, the United Kingdom, China and Russia.

The UK National Health Service (NHS) said on the 12th that at least 16 of its hospitals had been infected with the 'ransomware' and that computer use there had been halted entirely.

Computers at these hospitals are reported to be displaying a message demanding US$300 worth of the online currency Bitcoin.

The NHS said the hackers had not so far accessed patients' personal data, and that patients and ambulances were being diverted to other medical facilities. It added that it was working with national agencies, including the National Cyber Security Centre and the Department of Health, to find a solution.

Spain's energy ministry confirmed a hacking attack on Spanish companies including the telecommunications company Telefonica.

A Portuguese telecommunications company was also reported to have suffered the same attack, though its service users were not affected.

VOA News


Massive ransomware attack hits countries around the globe

Here is what the ransom screen looks like (Chinese version) when a victim is hit with WannaCry.

Kaspersky Lab has recorded more than 45,000 attacks of ransomware in 74 countries around the world as of Friday.

The attack, which boils down to a computer virus that makes users' computers unusable unless a payment is made to those who hacked their system, has prompted wide alarm around the globe.

The assault, described as the biggest-ever cyber ransom attack, struck state agencies and major companies around the world -- from Russian banks and British hospitals to FedEx and European car factories.

"WannaCry"

The multinational cybersecurity and anti-virus provider's Global Research and Analysis Team said in a web posting that in these attacks, data is encrypted with the extension ".WCRY" added to the filenames.

The attack by the ransomware, dubbed "WannaCry," is initiated through a remote code execution flaw in the SMBv1 file-sharing service of Microsoft Windows.

The exploit, codenamed "EternalBlue," was made available on the internet through the Shadow Brokers dump on April 14; Microsoft had already patched the vulnerability on March 14 (security bulletin MS17-010), a month before the dump.

"It's important to understand that while unpatched Windows computers exposing their SMB services can be remotely attacked with the 'EternalBlue' exploit and infected by the WannaCry ransomware, the lack of existence of this vulnerability doesn't really prevent the ransomware component from working. Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak," Kaspersky Lab noted.

The WannaCry malware encrypts the files and also drops and executes a decryptor tool. Images appeared on victims' screens demanding payment of $300 in Bitcoin, saying: "Ooops, your files have been encrypted!"

Payment is demanded within three days or the price is doubled, and if none is received within seven days the files will be deleted, according to the screen message.

As not all ransomware provides this timer countdown, the WannaCry attack shows computer users that "payment will be raised" after a specific countdown, along with another display raising urgency to pay up, threatening that the user will completely lose their files after the set timeout, the team said.

It added that to make sure the user doesn't miss the warning, the tool changes the user's wallpaper with instructions on how to find the decryptor tool dropped by the malware.
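As an added example (not code from the page, from Kaspersky or from any of the quoted organizations), the detection logic a responder could run over endpoint telemetry for the behaviour described above: a burst of files renamed to the ".WCRY" extension on one host, correlated with an inbound connection to the host's SMB service (TCP 445, the direct-SMB port) shortly before encryption began, which is the path a worm using the exposed-SMB exploit would take. The log lines, hostnames, tab-separated record format, window sizes and thresholds are all constructed for this example.

```python
"""Flag hosts with a WannaCry-style encryption burst and the SMB peer that reached them first."""
from collections import defaultdict
from datetime import datetime, timedelta

WCRY_EXT = ".WCRY"   # extension appended to encrypted files, as reported on the page
SMB_PORT = "445"     # TCP port of the Windows SMB service exposed to EternalBlue

# Constructed file-rename events (not real telemetry), tab-separated:
# timestamp  host  old_path  new_path
FILE_EVENTS = """\
2017-05-12T10:14:03\tws-17\tC:\\Users\\ana\\Docs\\q1.xlsx\tC:\\Users\\ana\\Docs\\q1.xlsx.WCRY
2017-05-12T10:14:03\tws-17\tC:\\Users\\ana\\Docs\\plan.docx\tC:\\Users\\ana\\Docs\\plan.docx.WCRY
2017-05-12T10:14:04\tws-17\tC:\\Users\\ana\\Docs\\notes.txt\tC:\\Users\\ana\\Docs\\notes.txt.WCRY
2017-05-12T10:14:05\tws-17\tC:\\Users\\ana\\Pictures\\img1.jpg\tC:\\Users\\ana\\Pictures\\img1.jpg.WCRY
2017-05-12T10:14:06\tws-17\tC:\\Users\\ana\\Pictures\\img2.jpg\tC:\\Users\\ana\\Pictures\\img2.jpg.WCRY
2017-05-12T10:14:07\tws-17\tC:\\Users\\ana\\Pictures\\img3.jpg\tC:\\Users\\ana\\Pictures\\img3.jpg.WCRY
2017-05-12T10:20:00\tws-04\tC:\\Users\\bo\\draft.docx\tC:\\Users\\bo\\draft-final.docx
2017-05-12T11:02:11\tws-09\tC:\\Users\\cy\\old.txt\tC:\\Users\\cy\\old.txt.WCRY
"""

# Constructed inbound-connection events (not real telemetry), tab-separated:
# timestamp  dst_host  src_host  dst_port
CONN_EVENTS = """\
2017-05-12T10:13:50\tws-17\tws-22\t445
2017-05-12T10:13:51\tws-17\tws-22\t445
2017-05-12T10:19:30\tws-04\tfileserver\t445
2017-05-12T09:00:00\tws-09\tws-22\t445
"""


def parse_tsv(text, fields):
    """Parse tab-separated lines into dicts; the 'ts' field becomes a datetime."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            raise ValueError(f"malformed line: {line!r}")
        row = dict(zip(fields, parts))
        row["ts"] = datetime.fromisoformat(row["ts"])
        rows.append(row)
    return rows


def encryption_bursts(file_events, window=timedelta(seconds=60), threshold=5):
    """Return {host: (window_start, count)} for hosts with >= threshold renames
    to the .WCRY extension inside any sliding window of the given length."""
    by_host = defaultdict(list)
    for ev in file_events:
        if ev["new_path"].endswith(WCRY_EXT) and not ev["old_path"].endswith(WCRY_EXT):
            by_host[ev["host"]].append(ev["ts"])
    hits = {}
    for host, times in by_host.items():
        times.sort()
        start, best = 0, None
        for end, t in enumerate(times):
            while t - times[start] > window:      # slide the window forward
                start += 1
            n = end - start + 1
            if n >= threshold and (best is None or n > best[1]):
                best = (times[start], n)
        if best:
            hits[host] = best
    return hits


def likely_smb_source(host, first_ts, conn_events, lookback=timedelta(minutes=10)):
    """Most recent peer that connected to SMB on `host` within `lookback` before
    encryption began, or None. A hit points at the propagation path to investigate."""
    candidates = [c for c in conn_events
                  if c["dst_host"] == host and c["dst_port"] == SMB_PORT
                  and timedelta(0) <= first_ts - c["ts"] <= lookback]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c["ts"])["src_host"]


def triage(file_log=FILE_EVENTS, conn_log=CONN_EVENTS):
    """Combine both detections into {host: {first_seen, renames, smb_peer}}."""
    files = parse_tsv(file_log, ["ts", "host", "old_path", "new_path"])
    conns = parse_tsv(conn_log, ["ts", "dst_host", "src_host", "dst_port"])
    report = {}
    for host, (first_ts, n) in encryption_bursts(files).items():
        report[host] = {"first_seen": first_ts, "renames": n,
                        "smb_peer": likely_smb_source(host, first_ts, conns)}
    return report


if __name__ == "__main__":
    for host, info in triage().items():
        print(host, info)
```

On the constructed data only ws-17 is reported: six .WCRY renames in four seconds, preceded by SMB connections from ws-22. The single rename on ws-09 stays below the threshold, and ws-04's ordinary rename never matches. The 445 lookback is a heuristic, not proof of the entry vector; it tells the responder which peer to isolate and examine first.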

Wide range of victims

Kaspersky Lab has confirmed additional infections in a group of countries, including China, Ukraine, Russia, India and more.

The cryptology branch of Spain's National Center for Intelligence (CNI) also confirmed on Friday that several Spanish companies, including multinational telecommunications giant Telefonica, have suffered the "massive" cyber attack.

The Spanish media reported that Telefonica bore the brunt of the attack, which caused the crash of the computers of Telefonica personnel at the company's Madrid headquarters, leaving them with blue screens and also halting other devices.

Other businesses thought to have been attacked by the virus included consultancy firms, banks and energy companies.

Hospitals in Britain also suffered from a similar attack on Friday. The National Health Service (NHS) issued an alert and confirmed infections at 16 medical institutions, but it remained unclear whether the incidents are connected with each other.

Sweden's Timra municipality was struck by WannaCry Friday afternoon, Swedish public broadcaster SVT reported.

A variant of the virus infected Windows systems and encrypted files locally and on network shares; at least 70 computers were affected, with screens turning blue and then black on several of the municipality's computers.

After the computers were rebooted, users got a message saying that the computers were encrypted and they had to pay to regain access to the content. At present there appeared to be no risk to life or health, according to Sweden's national Computer Emergency Response Team, although some of the administrative personnel were not able to do their work.

Andreaz Stromgren, head of the municipality's administrative offices, estimated that as many as 100 could have been infected before they stopped it from spreading.

Denmark is also one of the victims affected by the massive hacker attack.

"I can see on our map that there were attempts to attack Denmark in the first hours of the attack," Leif Jensen, director of IT security company Kaspersky's Nordic department, was quoted by Danish TV2 channel as saying.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, told AFP it was the biggest ransomware outbreak in history, saying that 130,000 systems in more than 100 countries had been affected.

He said Russia and India were hit particularly hard, largely because Microsoft's Windows XP -- one of the operating systems most at risk -- was still widely used there.

French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly".

US software firm Symantec said the majority of organisations affected were in Europe, and the attack was believed to be indiscriminate.

The companies and government agencies targeted were diverse.

In the United States, package delivery group FedEx said it was "implementing remediation steps as quickly as possible," while French carmaker Renault was forced to stop production at sites in France, Slovenia and Romania.

Russia's interior ministry said some of its computers had been hit by a "virus attack" and that efforts were underway to destroy it. The country's banking system was also attacked, although no problems were detected, as was the railway system.

Germany's rail operator Deutsche Bahn said its station display panels were affected. Universities in Greece and Italy also were hit.

So far it is unclear who is behind the attack.

Manhunt for hackers

International investigators hunted Saturday for those behind an unprecedented cyber-attack that affected systems in dozens of countries, including at banks, hospitals and government agencies, as security experts sought to contain the fallout.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency.

Europol said a special task force at its European Cybercrime Centre was "specially designed to assist in such investigations and will play an important role in supporting the investigation".

The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.

But experts and government alike warn against ceding to the hackers' demands.

"Paying the ransom does not guarantee the encrypted files will be released," the US Department of Homeland Security's computer emergency response team said.

"It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."


US White House: cyber-attack damage exceeds 300,000 cases in 150 countries

A senior US White House official said that more than 300,000 cases of damage had been confirmed in about 150 countries from the large-scale cyber-attack spreading around the world, and called for continued vigilance.

The cyber-attack targets Microsoft's 'Windows' operating system and uses 'ransomware', a malicious program that encrypts files to make them unusable and then demands money in return for restoring them.

At a press conference, presidential adviser Bossert said that as of the morning of the 15th the number of cases of damage had reached more than 300,000 in about 150 countries.

He said that about US$70,000 appeared to have been paid so far worldwide, and that while some US companies had been affected, US government systems had not been impacted; he called for continued vigilance.

Asked about Microsoft's conclusion that the attack abused technology taken from a US intelligence agency, he avoided direct comment but said that "it may have been developed by a criminal group or a foreign country rather than by a US intelligence agency".