Monday, May 15, 2017

WannaCry ransomware attack - Wikipedia

  1. begin quote from:

    WannaCry ransomware attack - Wikipedia
    WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware program targeting the Microsoft Windows operating system. On Friday, 12 May 2017 ...
  2. The Wanna Cry ransomware attack - one of the largest ever cyber attacks - appeared to be slowing around 24 hours after it wrecked havoc and shut down tens of ... 

    WannaCry ransomware attack

    From Wikipedia, the free encyclopedia
    WannaCry ransomware attack
    Wana Decrypt0r screenshot.png
    Screenshot of the ransom note left on an infected system
    Date 12 May 2017–present
    Location Worldwide
    Also known as WannaCrypt, WanaCrypt0r. WCRY
    Type Cyber-attack
    Theme Ransomware encrypting hard disk with $300 – $1200 demand
    Cause EternalBlue exploit
    Outcome Over 200,000 victims and more than 230,000 computers infected[1][2]
    WannaCry (or WannaCrypt,[3] WanaCrypt0r 2.0,[4][5] Wanna Decryptor[6]) is a ransomware program targeting the Microsoft Windows operating system. On Friday, 12 May 2017, a large cyber-attack was launched using it, infecting more than 230,000 computers in 150 countries, demanding ransom payments in the cryptocurrency Bitcoin in 28 languages.[7] The attack has been described by Europol as unprecedented in scale.[8]
    The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain's National Health Service (NHS),[9] FedEx, Deutsche Bahn, and LATAM Airlines.[10][11][12][13] Other targets in at least 99 countries were also reported to have been attacked around the same time.[14][15]
    Like previous ransomware, the attack spreads by phishing emails,[16] but also uses the EternalBlue exploit developed by the U.S. National Security Agency (NSA)[17][18] to spread through a network which has not installed recent security updates to directly infect any exposed systems.[5][19] A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems,[20] but many organizations had not yet applied it.[21]
    Those still running exposed older, unsupported operating systems were initially at particular risk, such as Windows XP and Windows Server 2003, but Microsoft has now taken the unusual step of releasing updates for these.[3][22]
    Shortly after the attack began, a web security researcher known by his Twitter account MalwareTech, found an effective kill switch which slowed the spread of infection, but new versions have now been detected that lack the kill switch.[23][24][25][26][27]



    The purported infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017,[28] along with other tools apparently leaked from Equation Group, believed to be part of the United States National Security Agency.[29][30]
    EternalBlue exploits vulnerability MS17-010[20] in Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft had released a "Critical" advisory, along with an update patch to plug the vulnerability a month before, on 14 March 2017.[20] This patch fixed several client versions of the Microsoft Windows operating system, including Windows Vista onwards (with the exception of Windows 8), as well as server and embedded versions such as Windows Server 2008 onwards and Windows Embedded POSReady 2009 respectively, but not the older Windows XP, according to Microsoft.[20] According to Dona Sarkar, head of the Windows Insider Program at Microsoft, Windows 10 was not affected;[31] however, IT writer Woody Leonhard questioned if this is the case with all Windows 10 systems, or just builds 14393.953 and later.[32]
    Starting from 21 April 2017, security researchers started reporting that computers with the DoublePulsar backdoor installed were in the tens of thousands.[33] By 25 April, reports estimated the number of infected computers to be up to several hundred thousands, with numbers increasing exponentially every day.[34][35] Apparently DoublePulsar was used alongside EternalBlue in the attack.[36][37]


    Countries initially affected[38]
    On 12 May 2017, WannaCry began affecting computers worldwide.[39] The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack.[40] When executed, the malware first checks the "kill switch" domain name[a]. If it is not found, then the ransomware encrypts the computer's data,[41][42][43] then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet,[44] and "laterally" to computers on the same network.[45] As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.[42][46]
    The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017,[20] nearly two months before the attack. The patch was to the Server Message Block (SMB) protocol used by Windows.[47][48] Organizations that lacked this security patch were affected for this reason, although there is so far no evidence that any were specifically targeted by the ransomware developers.[47] Initially, any organization still running the older Windows XP[49] was at particularly high risk because no security patches had been released since April 2014.[3][50] However, after the outbreak, Microsoft released a security patch for Windows XP on 13 May 2017, the day after the attack launched.[3]
    According to Wired, affected systems will also have had the DoublePulsar backdoor installed; this will also need to be removed when systems are decrypted.[6]
    Ken Collins of Quartz wrote on May 12 that three or more hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitterbot that watches each of the three wallets has been set up.[51] As of 15 May 2017 at 11 AM, a total of 214 payments totaling nearly $56,000 had been transferred.[52][53][54]


    On May 14, two additional variants were released by the malware authors. One of these variants had a new kill switch which was quickly registered, while the other had no kill switch but had a corrupted payload preventing encryption of files.[55]


    The ransomware campaign was unprecedented in scale according to Europol.[8] The attack affected many National Health Service hospitals in England and Scotland,[56] and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected.[57] On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted.[11][58] In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP.[49] NHS hospitals in Wales and Northern Ireland were unaffected by the attack.[9][11]
    Nissan Motor Manufacturing UK in Tyne and Wear, England halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware.[59][60]
    The attack's impact could have been much worse had an anonymous security expert, who was independently researching the malware, not discovered that a kill-switch had been built in by its creators.[61][62]
    Cybersecurity expert Ori Eisen from AdTruth said that the attack appears to be "low-level" stuff, given the ransom demands of $300 and states that the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.[63][64]

    List of affected organizations

    Defensive response

    Several hours after the initial release of the ransomware on 12 May 2017, a researcher who blogs under the name MalwareTech[94] discovered what amounted to be a "kill switch" hardcoded in the malware while trying to establish the size of the attack.[95][96][97] Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere. Analysis of the kill switch suggested that it may in fact be a bug in the malware whose code was originally intended to make the attack harder to analyse.[98][99][100][101] However, the kill switch domain needs to be available locally, and the response must be able to reach the malware to effectively work. Some network configurations may prevent the kill switch from working.[102]
    Microsoft released a statement recommending users install update MS17-010 to protect themselves against the attack. The update was originally released in March 2017.[103] In an unusual move, the company also created security patches for several now-unsupported versions of Windows, including Windows XP, Windows 8 and Windows Server 2003.[3]


    Several experts highlighted the NSA's non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had "privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] may not have happened".[104] British cybersecurity expert Graham Cluley also sees "some culpability on the part of the U.S. intelligence services". According to him and others "they could have done something ages ago to get this problem fixed, and they didn't do it". He also said that despite obvious uses for such tools to spy on people of interest, they have a duty to protect their countries' citizens.[105]
    Others commented that this attack shows that the practice of intelligence agencies to stockpile exploits for offensive purposes rather than disclosing them for defensive purposes may be problematic.[62] Microsoft president Brad Smith wrote, "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."[106][107]
    Richard Jameson from IT Security firm InfoTech Legal confirms that this is not a targeted attack on the NHS, all organisations are at risk, the NHS is just an ill prepared high profile victim.
    Arne Schönbohm, President of Germany's Federal Office for Information Security (BSI) stated that "the current attacks show how vulnerable our digital society is. It's a wake up call for companies to finally take IT-security [seriously]".[48]
    Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations stated that "the patching and updating systems are broken, basically, in the private sector and in government agencies" and noted that "there's no assurance that even if the government reveals a vulnerability people are going to move quickly enough to make and apply the patch".[62] In addition, Segal said that governments' apparent inability to secure vulnerabilities "opens a lot of questions about backdoors and access to encryption that the government argues it needs from the private sector for security".[62]
    According to James Scott from the Institute of Critical Infrastructure Technology, ransomware emerged "as an epidemic" in 2016, with the healthcare sector being particularly vulnerable. He stated that "the staff have no cyber-hygiene training, they click on phishing links all the time. The sad thing is they weren't backing up their data properly either, so that's a big problem. They should be doing that all the time." He also noted that "you're only as strong as your weakest link within your organisation from a cyber-perspective".[108] To the contrary, healthcare insiders contend Microsoft is viewed upon, internally, as just another a sick patient insensitive to anyone's needs but their own, and because healthcare is ETL intensive, that software updates infrequently neuter their macros and interfere with their applications, causing system tools and complex overlapping algorithms malfunction, that their reluctance to software updates is well founded, and they are quite correct in admonishing their IT professionals to adopt a conservative approach, leaving well enough alone, foregoing updates when their automation seems to function just right.
    British Prime Minister Theresa May said of the ransomware, "This is not targeted at the NHS. It is an international attack. A number of countries and organizations have been affected."[109] However, writing in The Guardian, technology expert Charles Arthur said that the effects of the hack were exacerbated by Conservative Party under-funding of the NHS as part of the government's austerity measures, in particular the Department of Health's refusal to pay extra to Microsoft to keep protecting outdated Windows XP systems from such attacks.[110] Home secretary Amber Rudd refused to say whether patient data had been backed up, and shadow health secretary Jon Ashworth accused health secretary Jeremy Hunt of refusing to act on a critical note from Microsoft two months previously, as other warnings from the National Cyber Security Centre (NCSC) and National Crime Agency.[111] On 14 May 2017 the NCSC updated its latest guidance on dealing with ransomware attacks.[112]
    In the attack some see a dramatic demonstration of the value of having good, secure backups and good cyber-security including having the latest security patches installed.[113]

    See also




  3. "Ransomware attack still looms in Australia as Government warns WannaCry threat not over". Australian Broadcasting Corporation. Retrieved 15 May 2017.

  • External links

    Media related to WannaCry ransomware attack at Wikimedia Commons

    Navigation menu

  • Cameron, Dell. "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Retrieved 13 May 2017.

  • MSRC Team. "Customer Guidance for WannaCrypt attacks". Microsoft. Retrieved 13 May 2017.

  • Jakub Kroustek (12 May 2017). "Avast reports on WanaCrypt0r 2.0 ransomware that infected NHS and Telefonica.". Avast Security News. Avast Software, Inc.

  • Fox-Brewster, Thomas. "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak". Forbes. Retrieved 12 May 2017.

  • Woollaston, Victoria. "Wanna Decryptor: what is the 'atom bomb of ransomware' behind the NHS attack?". WIRED UK. Retrieved 13 May 2017.

  • "WannaCry Infecting More Than 230,000 Computers in 99 Countries". Eyerys. 12 May 2017.

  • "Cyber-attack: Europol says it was unprecedented in scale". BBC News. 13 May 2017. Retrieved 13 May 2017.

  • Marsh, Sarah (12 May 2017). "The NHS trusts hit by malware – full list". The Guardian. London. Retrieved 12 May 2017.

  • S.A.P., El Mercurio (12 May 2017). "Hackeo mundial a empresas: Confirman 150 detecciones de virus en Chile y Gobierno monitorea efectos". Emol (in Spanish). Retrieved 14 May 2017.

  • "NHS cyber-attack: GPs and hospitals hit by ransomware". BBC News. 12 May 2017. Retrieved 12 May 2017.

  • Hern, Alex; Gibbs, Samuel (12 May 2017). "What is 'WanaCrypt0r 2.0' ransomware and why is it attacking the NHS?". The Guardian. London. ISSN 0261-3077. Retrieved 12 May 2017.

  • "Statement on reported NHS cyber attack". Retrieved 12 May 2017.

  • Cox, Joseph (12 May 2017). "A Massive Ransomware 'Explosion' Is Hitting Targets All Over the World". Motherboard. Retrieved 12 May 2017.

  • Larson, Selena (12 May 2017). "Massive ransomware attack hits 99 countries". CNN. Retrieved 12 May 2017.

  • Gayle, Damien; Topping, Alexandra; Sample, Ian; Marsh, Sarah; Dodd, Vikram (13 May 2017). "NHS seeks to recover from global cyber-attack as security concerns resurface". The Guardian. Retrieved 14 May 2017. One NHS worker, who asked to remain anonymous, said the attack began at about 12.30 pm and appeared to have been the result of phishing. 'The computers were affected after someone opened an email attachment.'

  • "NHS cyber attack: Edward Snowden says NSA should have prevented cyber attack". The Independent. Retrieved 13 May 2017.

  • "NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history". The Daily Telegraph. Retrieved 13 May 2017.

  • Larson, Selena (12 May 2017). "Massive ransomware attack hits 74 countries". CNNMoney. Retrieved 12 May 2017.

  • "Microsoft Security Bulletin MS17-010 – Critical". Retrieved 13 May 2017.

  • 15:58, 12 May 2017 at; tweet_btn(), John Leyden. "WanaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain". The Register. Retrieved 12 May 2017.

  • Surur (13 May 2017). "Microsoft release Wannacrypt patch for unsupported Windows XP, Windows 8 and Windows Server 2003". Retrieved 13 May 2017.

  • Khandelwal, Swati. "It's Not Over, WannaCry 2.0 Ransomware Just Arrived With No 'Kill-Switch'". The Hacker News. Retrieved 14 May 2017.

  • "Erpressungssoftware: Experten fürchten neue "WannaCry"-Attacken – SPIEGEL ONLINE – Netzwelt". Der Spiegel. Retrieved 14 May 2017.

  • Shieber, Jonathan. "Companies, governments brace for a second round of cyberattacks in WannaCry's wake". TechCrunch. Retrieved 14 May 2017.

  • Chan, Sewell; Scott, Mark (14 May 2017). "Cyberattack's Impact Could Worsen in 'Second Wave' of Ransomware". The New York Times. Retrieved 14 May 2017.

  • "Warning: Blockbuster 'WannaCry' malware could just be getting started". NBC News. Retrieved 14 May 2017.

  • "NSA-leaking Shadow Brokers just dumped its most damaging release yet". Ars Technica. Retrieved 15 April 2017.

  • Fox-Brewster, Thomas (16 February 2015). "Equation = NSA? Researchers Uncloak Huge 'American Cyber Arsenal'". Forbes. Retrieved 24 November 2015.

  • "Latest Shadow Brokers dump – owning SWIFT Alliance Access, Cisco and Windows". Medium. 14 April 2017. Retrieved 15 April 2017.

  • "Dona Sarkar on Twitter".


  • Goodin, Dan. ">10,000 Windows computers may be infected by advanced NSA backdoor". ARS Technica. Retrieved 14 May 2017.

  • Goodin, Dan. "NSA backdoor detected on >55,000 Windows boxes can now be remotely removed". ARS Technica. Retrieved 14 May 2017.

  • Broersma, Matthew. "NSA Malware 'Infects Nearly 200,000 Systems'". Silicon. Retrieved 14 May 2017.

  • Cameron, Dell (13 May 2017). "Today's Massive Ransomware Attack Was Mostly Preventable; Here's How To Avoid It". Gizmodo. Retrieved 15 May 2017.

  • "How One Simple Trick Just Put Out That Huge Ransomware Fire". Forbes. 24 April 2017. Retrieved 15 May 2017.

  • "Cyber-attack: Europol says it was unprecedented in scale". BBC. 13 May 2017.

  • Newman, Lily Hay. "The Ransomware Meltdown Experts Warned About Is Here". Wired. Retrieved 13 May 2017.

  • Goodin, Dan. "An NSA-derived ransomware worm is shutting down computers worldwide". ARS Technica. Retrieved 14 May 2017.

  • "Russian-linked cyber gang blamed for NHS computer hack using bug stolen from US spy agency". The Telegraph. Retrieved 12 May 2017.

  • "What you need to know about the WannaCry Ransomware". Symantec Security Response. Retrieved 14 May 2017.

  • Bilefsky, Dan; Perlroth, Nicole (12 May 2017). "Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool". The New York Times. ISSN 0362-4331. Retrieved 12 May 2017.

  • Clark, Zammis. "The worm that spreads WanaCrypt0r". Malwarebytes Labs. Retrieved 13 May 2017.

  • Samani, Raj. "An Analysis of the WANNACRY Ransomware outbreak". McAfee. Retrieved 13 May 2017.

  • Thomas, Andrea; Grove, Thomas; Gross, Jenny (13 May 2017). "More Cyberattack Victims Emerge as Agencies Search for Clues". The Wall Street Journal. ISSN 0099-9660. Retrieved 14 May 2017.

  • "WannaCry Ransomware Attack Hits Victims With Microsoft SMB Exploit". eWeek. Retrieved 13 May 2017.

  • "WannaCry: BSI ruft Betroffene auf, Infektionen zu melden" (in German). heise online. Retrieved 14 May 2017.

  • "NHS Hospitals Are Running Thousands of Computers on Unsupported Windows XP". Motherboard. Retrieved 13 May 2017.

  • "Windows XP End of Support". Microsoft. Retrieved 13 May 2017.

  • Collins, Keith. "Watch as these bitcoin wallets receive ransomware payments from the global cyberattack". Quartz. Retrieved 14 May 2017.

  • "Bitcoin Address 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw". Retrieved 2017-05-15.

  • "Bitcoin Address 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94". Retrieved 2017-05-15.

  • "Bitcoin Address 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn". Retrieved 2017-05-15.

  • "WannaCry — New Variants Detected!".

  • "Global cyberattack strikes dozens of countries, cripples U.K. hospitals". CBS News. Retrieved 13 May 2017.

  • Ungoed-Thomas, Jon; Henry, Robin; Gadher, Dipesh (14 May 2017). "Cyber-attack guides promoted on YouTube". The Sunday Times. Retrieved 14 May 2017.

  • Wong, Julia Carrie; Solon, Olivia (12 May 2017). "Massive ransomware cyber-attack hits 74 countries around the world". The Guardian. London. Retrieved 12 May 2017.

  • Sharman, Jon (13 May 2017). "Cyber-attack that crippled NHS systems hits Nissan car factory in Sunderland and Renault in France". The Independent. Retrieved 13 May 2017.

  • Rosemain, Mathieu; Le Guernigou, Yann; Davey, James (13 May 2017). "Renault stops production at several plants after ransomware cyber attack as Nissan also hacked". Daily Mirror. Retrieved 13 May 2017.

  • "Lucky break slows global cyberattack; what's coming could be worse". Chicago Tribune. Retrieved 14 May 2017.

  • Helmore, Edward (13 May 2017). "Ransomware attack reveals breakdown in US intelligence protocols, expert says". The Guardian. Retrieved 14 May 2017.

  • "The Latest: Researcher who helped halt cyberattack applauded". Star Tribune. Retrieved 14 May 2017.

  • "Wannacry ATM Attack". ManoramaOnline (in Malayalam). 15 May 2017. Retrieved 15 May 2017.

  • "WannaCry no Brasil e no mundo". O Povo (in Portuguese). 13 May 2017. Retrieved 13 May 2017.

  • "Ontario health ministry on high alert amid global cyberattack". Toronto Star.

  • Mimi Lau (14 May 2017). "Chinese police and petrol stations hit by ransomware attack". South China Morning Post. Retrieved 15 May 2017.

  • "Global cyber attack: A look at some prominent victims" (in Spanish). 13 May 2017. Retrieved 14 May 2017.

  • "Instituto Nacional de Salud, entre víctimas de ciberataque mundial". El Tiempo (in Spanish). 13 May 2017.

  • "France's Renault hit in worldwide 'ransomware' cyber attack" (in Spanish). France 24. 13 May 2017. Retrieved 13 May 2017.

  • "Weltweite Cyberattacke trifft Computer der Deutschen Bahn". Frankfurter Allgemeine Zeitung (in German). 13 May 2017. Retrieved 13 May 2017.

  • Balogh, Csaba (12 May 2017). "Ideért a baj: Magyarországra is elért az óriási kibertámadás". HVG (in Hungarian). Retrieved 13 May 2017.

  • "Andhra police computers hit by cyberattack". The Times of India. 13 May 2017. Retrieved 13 May 2017.

  • "Il virus Wannacry arrivato a Milano: colpiti computer dell'università Bicocca". la Repubblica (in Italian). 12 May 2017. Retrieved 13 May 2017.

  • "Parkeerbedrijf Q-Park getroffen door ransomware-aanval". (in Dutch). 13 May 2017. Retrieved 14 May 2017.

  • "PT Portugal alvo de ataque informático internacional". Observador (in Portuguese). 12 May 2017. Retrieved 13 May 2017.

  • "Atacul cibernetic global a afectat și Uzina Dacia de la Mioveni. Renault a anunțat că a oprit producția și în Franța". Pro TV (in Romanian). 13 May 2017.

  • "UPDATE. Atac cibernetic la MAE. Cine sunt hackerii de elită care au falsificat o adresă NATO". Libertatea (in Romanian). 12 May 2017.

  • "Massive cyber attack creates chaos around the world". Retrieved 13 May 2017.

  • "Researcher 'accidentally' stops spread of unprecedented global cyberattack". ABC News. Retrieved 13 May 2017.

  • "Компьютеры РЖД подверглись хакерской атаке и заражены вирусом". Radio Free Europe/Radio Liberty. Retrieved 13 May 2017.

  • "LATAM Airlines también está alerta por ataque informático". Fayerwayer. Retrieved 13 May 2017.

  • "Hackerský útok zasiahol aj Fakultnú nemocnicu v Nitre". (in Slovak). 15 May 2017. Retrieved 15 May 2017.

  • "Un ataque informático masivo con 'ransomware' afecta a medio mundo" (in Spanish). 12 May 2017. Retrieved 13 May 2017.

  • "Timrå kommun drabbat av utpressningsattack" (in Swedish). Sveriges Television. 13 May 2017. Retrieved 15 May 2017.

  • "เซิร์ฟเวอร์เกม Blade & Soul ของ Garena ประเทศไทยถูก WannaCrypt โจมตี" (in Thai). 13 May 2017. Retrieved 14 May 2017.

  • "Cyber-attack that crippled NHS systems hits Nissan car factory in Sunderland and Renault in France". The Independent. 13 May 2017. Retrieved 13 May 2017.

  • "What is Wannacry and how can it be stopped?". Financial Times. 12 May 2017. Retrieved 13 May 2017.

  • Amjad Shacker [AmjadShacker] (14 May 2017). "⁥⁥" (Tweet) – via Twitter.

  • "Korean gov't computers safe from WannaCry attack". The Korea Herald. Retrieved 15 May 2017.

  • "日立製作所 サイバー攻撃で社内システム一部に障害". NHK News Web (in Japanese). 15 May 2017. Retrieved 15 May 2017.

  • "Ransomware WannaCry Surfaces In Kerala, Bengal: 10 Facts". New Delhi Television Limited (NDTV). Retrieved 15 May 2017.

  • "Ransomware WannaCry Surfaces In Kerala, Bengal: 10 Facts". New Delhi Television Limited (NDTV). Retrieved 15 May 2017.

  • MalwareTech (13 May 2017). "How to Accidentally Stop a Global Cyber Attacks".

  • "Government under pressure after NHS crippled in global cyber attack as weekend of chaos looms". The Telegraph. 12 May 2017.

  • Thomson, Iain (13 May 2017). "74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+". The Register.

  • Francisco, Nadia Khomami Olivia Solon in San (13 May 2017). "'Accidental hero' halts ransomware attack and warns: this is not over". The Guardian.

  • Newman, Lily Hay. "How an Accidental 'Kill Switch' Slowed Friday's Massive Ransomware Attack". Wired Security. Retrieved 14 May 2017.

  • Solon, Olivia (13 May 2017). "'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack". The Guardian. London. Retrieved 13 May 2017.

  • Foxx, Chris (13 May 2017). "Global cyber-attack: Security blogger halts ransomware 'by accident'". BBC. Retrieved 13 May 2017.

  • Kan, Micael. "A 'kill switch' is slowing the spread of WannaCry ransomware". PC World. Retrieved 13 May 2017.

  • McCausland, Phil; Petulla, Sam. "After Huge Global Cyberattack, Countries Scramble to Halt Spread of Ransomware". NBC News. Retrieved 14 May 2017.

  • "Customer Guidance for WannaCrypt attacks".

  • Wong, Julia Carrie; Solon, Olivia (12 May 2017). "Massive ransomware cyber-attack hits 74 countries around the world". The Guardian. Retrieved 12 May 2017.

  • Heintz, Sylvia Hui, Allen G. Breed and Jim. "Lucky break slows global cyberattack; what's coming could be worse". Chicago Tribune. Retrieved 14 May 2017.

  • "Ransomware attack 'like having a Tomahawk missile stolen', says Microsoft boss". The Guardian. 14 May 2017. Retrieved 15 May 2017.

  • Smith, Brad. "The need for urgent collective action to keep people safe online". Microsoft. Retrieved 14 May 2017.

  • "WannaCry: What is ransomware and how to avoid it". Al Jazeera. Retrieved 14 May 2017.

  • Smith-Spark, Laura; Veselinovic, Milena; McGann, Hilary. "UK prime minister: Ransomware attack is global". CNN. Retrieved 13 May 2017.

  • "The ransomware attack is all about the insufficient funding of the NHS". The Guardian. 13 May 2017. Retrieved 14 May 2017.

  • "Jeremy Hunt 'ignored warning signs' before cyber-attack hit NHS". The Guardian. 13 May 2017. Retrieved 14 May 2017.

  • "Ransomware: Latest NCSC Guidance". National Cyber Security Centre. GCHQ. 14 May 2017. Retrieved 15 May 2017.

    No comments: