(source  :  pixabay.com)

BITCOIN - Last Friday, the hospital in the UK was made a mist by the ransomware malware attacks. The reason, the patient data in the computer systems become locked and inaccessible.

Medical activity was affected. The ambulance was diverted from several hospitals. Meanwhile, doctors participate in the interruption because the computer only raises messages from ransomware.

"We can not access the patient's record because everything is computerized," complained Emma Fardon, a doctor in Dundee. "We do not know what medication they're taking or what allergies they have, we can not access the visitation schedule system."

Ransomware known as "Wanna Decryptor" is attacking the 16 hospitals attached incorporated in the National Health Service (NHS) network in the UK.

The malicious program locks the data and hospital computer system with encryption, then asks for "ransom" of 300 US dollars in the form of Bitcoin which must be sent to a certain Bitcon wallet address.

If the victim wants to save his computer "hostage" ransomware Want decryption, then this ransom must be sent in a short time.

You only have 3 days to make the payment. After that period, the fee will double. If you do not pay within 7 days, your data will be lost forever, "the ransomware maker wrote in a message displayed on the victim's computer screen.

The Bitcoin is a cryptocurrency aka digital money that can be exchanged for real money. Bitcoin transactions can not be tracked so popular among the black world, including cyber attackers.

Global attacks

(source)

British Prime Minister Theresa May says the British government is now working with the NHS to investigate the Wanna Decryptor ransomware outbreak. National Cyber Security Center and Deparment of Health are involved. Meanwhile, patients are encouraged to continue to visit the hospital as usual.

Until Friday noon, Pacific time, cyber security firm Avast has recorded 75,000 Ways Decryptor infection cases in 99 countries.

Most infections occur in Tusia, Ukraine and Taiwan, but the ransomware also infects computers in other countries such as Britain, as well as the Spanish telecommunications company Telefonica. Its distribution also reaches Italy, Egypt, to the United States.

Cyber weapons

(source)

Wanna Decryptor is also known by some other names, including "WannaCry", "WannaCrypt0r", and "WCry". This malicious program is a derivative of the tool "cyber weapons" belonging to the US intelligence service, the NSA, which was stolen and leaked by a group of hackers named Shadow Broker, last April.

Because of that, NSA whistleblower Edward Snowden blamed the NSA for the ransomware attacks that hit the hospital system in the UK.

"If only @NSAGov had told us about a weakness that could be used to attack the hospital when it found it - not even when it lost its weapon - it would not happen," Snowden chirped

"NHS Digital is investigating the incident. In the NHS we have tried and tested a backup plan in order to keep providing services, "said the NHS.

So far there is no indication that patient data has been leaked ransomware. May explains that hospitals in Britain are only part of the Wife Decryptor victim who apparently launches attacks in different parts of the world simultaneously.

"This is a global attack, a number of countries and other organizations also affected," said May in a statement summarized KompasTekno from the BBC on Saturday (13/07/2017).

Kaspersky security firm explains that Wanna Decryptor infects the computer through remote code execution SMBv2 on Microsoft Windows operating system. Exploit coded the name "EternalBlue" it is leaked by the hacker group Shadow Broker.

Microsoft actually has released patches to patch the intended weakness. However, it seems that not all organizations or companies or hospitals have installed these patches on their own computer systems.

Markus Jakobsson, principal investigator of the Agari security firm, said that Wanna Decryptor attacks may not be targeted specifically at a particular organization, but are simply dispersed without specific targets.

Jakobsson's allegations are based on the requested ransom, which he calls "relatively small". "This is not an attack aimed at big institutions, but for anyone who is infected," he said, as KompasTekno summarizes from The Guardian. []