Putin points finger at U.S. intel as cyberattacks ease but threat of repeat looms

15 May


The world’s biggest ransomware attack leveled off on Monday after wreaking havoc in 150 countries and causing political acrimony, with Russian President Vladimir Putin blaming U.S. intelligence services.

The indiscriminate attack struck hundreds of thousands of computers worldwide Friday by exploiting known vulnerabilities in older Microsoft computer operating systems.

Microsoft’s president and chief legal officer Brad Smith said the U.S. National Security Agency developed the original code used in the attack, which later leaked in a document dump.

The admission was leaped on by Putin.

“Microsoft’s leadership stated this directly, they said the source of the virus was the special services of the United States,” the Russian leader said on the sidelines of a summit in Beijing.

“A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators.”

Russia has recently been accused of cybermeddling in several countries, but Putin said Russia had nothing to do with the attack.

Tom Bossert, President Donald Trump’s top cyber and homeland security adviser, denied that the U.S. was to blame.

“This was not a tool developed by the NSA to hold ransom data,” he said, noting that no U.S. government systems had been hit.

“This is a global attack,” he added.

Microsoft’s Smith earlier said he hoped the attacks would serve as “a wake-up call,” warning governments against stockpiling code that could be misused if it fell into the wrong hands.

Vulnerabilities should be pointed out to manufacturers, he said.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith wrote.

There had been concern that Monday’s start of the working week would see an upsurge in attacks.

But the cross-border police agency Europol said the situation was “stable,” after attacks that struck computers in British hospital wards, European car factories and Russian banks.

“The number of victims appears not to have gone up,” a senior spokesman for Europol, Jan Op Gen Oorth, told AFP.

But according to Michel Van Den Berghe, director of telecom group Orange’s cybersecurity arm, a “second wave” is to be expected.

“Loads of people will use the original to generate variations … to re-create the panic and try to get some money for themselves,” he said.

U.S. package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit. The attackers demanded money to unblock their computers.

In China, “hundreds of thousands” of computers were affected, including petrol stations, cash machines and universities, according to Qihoo 360, one of the country’s largest providers of antivirus software.

Russia said its banking and railway systems were targeted.

A fifth of regional hospital associations in Britain’s National Health Service were affected and several still had to cancel appointments on Monday.

French carmaker Renault shut its Douai plant — one of its biggest sites, employing 5,500 people — on Monday as systems were upgraded.

The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (€275) in the virtual currency bitcoin, saying: “Ooops, your files have been encrypted!”

Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

Bitcoin, the world’s most-used virtual currency, allows anonymous transactions via heavily encrypted codes.

Experts and governments alike warn against ceding to the demands and few victims so far had been paying up.

Security firm Digital Shadows said on Sunday that transactions totaling $32,000 had taken place through Bitcoin addresses used by the ransomware.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, according to researchers at the Moscow-based computer security firm Kaspersky Lab.

The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

Although the economic fallout is still unknown, the political fallout “will be significant” according to the Eurasia consultancy.

As well as Russia, China and India have blamed the U.S. government for developing the original code.

The Eurasia consultancy also predicted a review in the United States of when to inform software vendors of vulnerabilities in their systems, as well as increased funding to ensure timely patches to protect computer systems.
