() A major hack is affecting businesses, governments, banks, and at least one airport and hospital system around the world — and the NSA may be to blame.
The attack, which freezes computer screens and demands a ransom from the victim to restore access, has hit Ukraine the hardest, as the Independentreported Tuesday:
“Ukraine’s national bank, state power company and largest airport are among the targets of a huge cyber attack on government infrastructure.”
Russia, Europe, and to a lesser extent, the United States and other countries have been affected. Outfits in Brazil, India, Estonia, Belarus, and the Netherlands were subject to attacks, though according to Costin Raiu, director of global research efforts at Kaspersky Labs, an Internet security firm, attacks in these countries and the U.S. made up less than one percent of all victims.
“The attack was reportedly affecting websites in Great Britain, Norway and India, as well, and at least one major U.S. company said it was affected. The New Jersey-based pharmaceutical company Merck confirmed that its computer network was compromised as part of what it called a ‘global hack,’ and said it was investigating.”
Further, Maersk, a massive shipping and logistics company based in Denmark, was also hit.
The global attack has been compared to the WannaCry attack last month, a hack that was directly traced back to the NSA’s hacking tool, EternalBlue, which was exposed in a leak from the hacking group Shadow Brokers. As Politicoexplained:
“[L]ike WannaCry, this new malware demands that victims pay a ransom using the digital currency Bitcoin before their files can be unlocked. As of Tuesday evening, 32 victims had a ransom, with the number steadily climbing.
“Unlike WannaCry, however, the rapidly spreading malware does not merely encrypt files as part of its ransom scheme. Rather, it changes critical system files so that the computer becomes unresponsive, according to John Miller, a senior manager for analysis at the security firm FireEye, which reviewed the malware.”
Though the current attack has been referred to as a Petya ransomware hack, Kaspersky believes it is actually a variant of EternalBlue.
As the Washington Post reported in May amid the WannaCry crisis:
“When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.
“Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.”
But the NSA kept this vulnerability a secret for more than five years, and as the Post noted in May:
“The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history.”
It now appears the current attack is using abilities provided by the same leaked tools. Though and the reported that the hack is rooted in Petya ransomware and some experts believe Petya is the source, other outlets and cyber security experts believe it is traceable to EternalBlue. As ABC News reported:
“Like the WannaCry attack in May, today’s ransomware appears to be using the hacking tools EternalBlue and DoublePulsar developed by the U.S. National Security Agency and leaked to the public by The Shadow Brokers hacker group.”
“What makes the rapid escalation of Petya both surprising and alarming is its similarity to the recent worldwide WannaCry ransomware crisis, primarily in its use of NSA exploit EternalBlue to spread through networks.
“‘It is definitely using EternalBlue to spread,’ says Fabian Wosar, a security researcher at the defense firm Emsisoft, which specializes in malware and ransomware. ‘I confirm, this is a WannaCry situation,’ Matthieu Suiche, the founder of security firm Comae Technologies, on Twitter.”
Nicole Perlroth, a cybersecurity expert at the New York Times, tweeted that “This ransomware is WannaCry on crack, using Eternal Blue and can spread via PSEXEC, meaning MS-17 patched machines are also vulnerable.”
This ransomware is Wannacry on crack, using Eternal Blue and can spread via PSEXEC, meaning MS-17 patched machines are also vulnerable.
“Time to wonder when the U.S. government is going to even acknowledge that it’s the NSA’s hoarded exploits taking us down,” she also tweeted.
Time to wonder when the U.S. government is going to even acknowledge that its the NSA’s hoarded exploits taking us down.
Upon news that Heritage Valley Health Systems in Pennsylvania appeared to be a victim of the hack, NSA whistleblower Edward Snowden tweeted about the spy agency’s culpability.
“Looks like the first US Hospital system shut down by today’s -enabled ransomware disaster,” he said.
In another tweet, he commented on the NSA’s responsibility. “Listen, people can disagree on surveillance. But when ‘s focus on offense over defense shuts down US hospitals, it’s time to act,” he said.
Listen, people can disagree on surveillance. But when @NSAGov’s focus on offense over defense shuts down US hospitals, it’s time to act. https://t.co/4LL0CHFKOO
If it turns out EternalBlue is behind the current attack, it wouldn’t be particularly surprising. “Digital security specialists say hackers have…been working to tweak the WannaCry malware, potentially allowing it to skirt the digital defenses that helped stall the global assault,”Politicoreported. “WannaCry was powered by a variant of apparent NSA cyber weapons that were dumped online, raising questions about whether the secretive hacking agency should be sitting on such powerful tools.”
If these cybersecurity experts are correct, and EternalBlue is behind the massive attack this week, it appears the NSA has once again failed to fulfill its responsibilities to provide security and protect civil liberties.
As the Washington Post observed amid the WannaCry attack:
“The failure to keep EternalBlue out of the hands of criminals and other adversaries casts the NSA’s decisions in a harsh new light, prompting critics to question anew whether the agency can be trusted to develop and protect such potent hacking tools.”