The seals of the U.S. Cyber Command, the National Security Agency and the Central Security Service are pictured outside the campus the three organizations share in Fort Meade, Maryland. | Getty
By Eric Geller
06/27/2017 12:16 PM EDT
Updated 06/27/2017 05:49 PM EDT
A potent ransomware attack has gripped organizations around the world for the second time in less than two months.
And like the first outbreak in mid-May which claimed hundreds of thousands victims in a game-changing cyberattack Tuesday's outburst is spreading via a Microsoft flaw originally exposed in a leak of apparent NSA hacking tools.
Story Continued Below
The latest malicious software battered companies in Russia, Ukraine and many other countries in Europe, according to cybersecurity researchers, sending law enforcement officials scrambling and sparking fears about how the world would contain the outbreak of the malware, which locks up computer systems and demands ransom payments.
While the U.S. has been largely unscathed to this point, major multinational energy, shipping, banking, pharmaceutical and law firms, as well as government agencies, have confirmed they are fighting off cyberattacks.
Security firm Kaspersky Lab estimated it had seen 2,000 victims, and counting, throughout the day. While the estimate is significantly lower than the massive numbers tied to May's attack which relied on malware dubbed WannaCry some researchers noted technical details of the new malware that might make it harder to kill.
Researchers have also not yet linked the latest attack to any specific hacking group or nation-state, unlike May's digital ambush, which technical specialists and reportedly intelligence officials in the U.S. and U.K. traced to North Korean-backed hackers.
But security specialists have been warning for weeks that the recent WannaCry ransomware virus was only the beginning of these fast-spreading digital sieges.
WannaCry was powered by a variant of apparent NSA cyber weapons that were dumped online, raising questions about whether the secretive hacking agency should sit on such powerful tools instead of alerting companies like Microsoft to the deficiencies in their software.
Experts say hackers have likely been working to tweak the WannaCry malware, potentially allowing new versions to skirt the digital defenses that helped stall the first global assault.
Sign up for POLITICO Playbook and get the latest news, every morning in your inbox.
By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.
Indeed, the virus that proliferated Tuesday shares many similarities with WannaCry, but contains some striking differences.
For starters, Tuesday's virus proliferated using the same Microsoft Windows flaw as WannaCry, according to digital security firms Symantec and Bitdefender Labs. But researchers noted the malware is also capable of hopping around using multiple Microsoft flaws, not just the most famous one exposed in the online dump of the purported NSA cyber weapons.
Additionally, like WannaCry, this new malware demands that victims pay a ransom using the digital currency Bitcoin before their files can be unlocked. As of Tuesday evening, 32 victims had paid a ransom, with the number steadily climbing.
Unlike WannaCry, however, the rapidly spreading malware does not merely encrypt files as part of its ransom scheme. Rather, it changes critical system files so that the computer becomes unresponsive, according to John Miller, a senior manager for analysis at the security firm FireEye, which reviewed the malware.
Some researchers identified the infection as a novel variation of the so-called Petya malware, which has been around since 2016. But researchers at Kaspersky believe it is a totally new strain they are dubbing ExPetr.
A sample of the malware initially went undetected by nearly all antivirus software.
The digital weapon cloaks itself as a file that Microsoft has already approved as safe, helping it avoid detection, Costin Raiu, director of global research efforts at Kaspersky, said on Twitter.
The malware was written on June 18, according to a sample that Kaspersky has analyzed.
Most of the infections on Tuesday were in Ukraine, with Russia the next hardest hit, according to Kasperskys analysis. Russia was also a major victim during the WannaCry outbreak. Raiu told POLITICO that Belarus, Brazil, Estonia, the Netherlands, Turkey and the United States were also affected, but that those countries accounted for less than 1 percent of all victims.
A Department of Homeland Security spokesman said the agency was "monitoring reports" of the ransomware campaign and coordinating with international authorities.
Researchers suspect that Ukraine became the nexus of the outburst after companies using a popular tax program unknowingly downloaded an update that contained the ransomware. From there, the virus could have spread beyond those companies using various flaws in Windows.
The ransomware eruption may be responsible for several major cyber incidents that began Tuesday.
The global shipping and logistics firm Maersk which is based in Denmark confirmed that it was dealing with a intrusion affecting "multiple sites and business units." And the Russian oil company Rosneft said it was responding to "a massive hacker attack."
Ukraine's central bank and its capital city's main airport also said they were dealing with cyberattacks. The virus appeared to be hitting the country's government computers as well.
The cyberattack also forced the Ukraine-based Chernobyl nuclear power plant to revert to manual radiation monitoring, according to a Ukrainian journalist citing the country's state news service.
Elsewhere, the German pharmaceutical giant Merck said its network was compromised in the outbreak and that it was still investigating the incident.
A daily briefing on politics and cybersecurity weekday mornings, in your inbox.
By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.
But the U.S. has been largely spared so far.
The American Gas Association said in a statement that no U.S. natural gas utilities have reported infections.
However, in Pennsylvania, the Heritage Valley Health System which operates two hospitals and 60 physician offices said it was grappling with a cyberattack. The incident is widespread and is affecting the entire health system, said spokeswoman Suzanne Sakson.
Multinational law firm DLA Piper was also experiencing computer and phone outages in multiple offices, including in Washington, D.C. The company did not respond to a request for comment.
But a photo shared with POLITICO showed a sign outside the firm's Washington office that read, "All network services are down, do not turn on your computers! Please remove all laptops from docking stations and keep turned off. No exceptions."
DLA Pipers secure document storage system for clients also went down, though the firm may have done that as a precaution. A bit stressed at moment as I am unsure if our docs there are safe, one client told POLITICO.
Tim Starks contributed to this report.
Missing out on the latest scoops? Sign up for POLITICO Playbook and get the latest news, every morning in your inbox.
Original post:
NSA-linked tools help power second global ransomware outbreak - Politico
- WikiLeaks' Julian Assange: NSA critics got lucky because agency had no PR strategy - April 26th, 2014 [April 26th, 2014]
- National Speakers Association New Jersey Chapter NSA - April 26th, 2014 [April 26th, 2014]
- National Security Agency - Wikipedia, the free encyclopedia - April 26th, 2014 [April 26th, 2014]
- NSA - Satu Hari Di Bulan Juni (TULUS) (COVER) - Video - April 26th, 2014 [April 26th, 2014]
- Hong Kong: Protesters blow whistles for NSA whistle blower - Video - April 26th, 2014 [April 26th, 2014]
- An Inside Look at the NSA With Whistleblower William Binney (Part 2 of 2) - Video - April 26th, 2014 [April 26th, 2014]
- UK: China will offer fig leaves to US exposed by NSA leaker - Assange - Video - April 26th, 2014 [April 26th, 2014]
- NSA ~ (Autodidactism) Whistleblowing - Video - April 27th, 2014 [April 27th, 2014]
- Dropping #NSA Knowledge Like a Clumsy Librarian - Video - April 27th, 2014 [April 27th, 2014]
- Full Show: Disband The NSA or; Corruption in the Capitol FO SHIZZLE {aTV002} - Video - April 27th, 2014 [April 27th, 2014]
- NSA DOCUMENTARY SIX YEARS BEFORE SNOWDEN - Video - April 27th, 2014 [April 27th, 2014]
- ShmooCon 2014: The NSA: Capabilities and Countermeasures - Video - April 27th, 2014 [April 27th, 2014]
- NSA Knew Of Heartbleed Bug, Refused To Protect Americans - Video - April 27th, 2014 [April 27th, 2014]
- Former NSA Head To Become Columnist For Conservative Paper To Discuss Intelligence - Video - April 27th, 2014 [April 27th, 2014]
- An Inside Look at the NSA With Whistleblower William Binney (Part 1 of 2) - Video - April 27th, 2014 [April 27th, 2014]
- Keynote Address by Shri Shivshankar Menon, NSA at International Seminar on Kautilya - Video - April 27th, 2014 [April 27th, 2014]
- NSA Wiretapping: A 4th Amendment Violation?: Blake Norvell at TEDxSMU - Video - April 27th, 2014 [April 27th, 2014]
- Hang with Rand: Email Privacy, NSA Spying, and Defending Our Civil Liberties - Video - April 27th, 2014 [April 27th, 2014]
- NSA Surveillance and What To Do About It - Bruce Schneier - Video - April 27th, 2014 [April 27th, 2014]
- READER SUBMITTED: NSA CT April 2014 Meeting - April 28th, 2014 [April 28th, 2014]
- MVI 1847 Obama's NSA Denies FOIA About MH 370! - Video - April 28th, 2014 [April 28th, 2014]
- George Galloway's Sputnik: Ewen MacAskill on Guardian / Edward Snowden NSA leaks (26Apr14) - Video - April 28th, 2014 [April 28th, 2014]
- CIA & NSA DIRECTED ENERGY WEAPON ATTACK ON WHISTLE BLOWER - Video - April 28th, 2014 [April 28th, 2014]
- Book TV - 2014 San Antonio Book Festival: Panel on the NSA, Big Brother, and Democracy - Video - April 28th, 2014 [April 28th, 2014]
- NSA Throwdown: John Oliver v. 60 Minutes - April 29th, 2014 [April 29th, 2014]
- NSA will sit on security vulnerabilities because of terrorism - April 29th, 2014 [April 29th, 2014]
- New water records show NSA Utah Data Center likely behind schedule - April 29th, 2014 [April 29th, 2014]
- MVI 1871 NSA Might Be OnTo Me! - Video - April 29th, 2014 [April 29th, 2014]
- ZyXEL NSA 325 v2 Hands On - Deutsch / German notebooksbilliger.de - Video - April 29th, 2014 [April 29th, 2014]
- German opposition says US should destroy Merkel's NSA file - Video - April 29th, 2014 [April 29th, 2014]
- Germany: NSA spying "unacceptable" says SPD - Video - April 29th, 2014 [April 29th, 2014]
- NSA Surveillance 2 - Video - April 29th, 2014 [April 29th, 2014]
- NSA Surveillance Panel 1 - Video - April 29th, 2014 [April 29th, 2014]
- Chalk Talk How Snowden Breached NSA Security - Video - April 29th, 2014 [April 29th, 2014]
- NSA reveals some cyber security flaws are left secret - April 30th, 2014 [April 30th, 2014]
- NSA data center uses less water than expected - April 30th, 2014 [April 30th, 2014]
- April 2014 Breaking News Do you use Google or Yahoo? NSA Intercepts Google And Yahoo Traffic - Video - April 30th, 2014 [April 30th, 2014]
- Supreme Court could weigh in on NSA case, justice says - May 1st, 2014 [May 1st, 2014]
- New NSA chief: Agency has lost trust - May 1st, 2014 [May 1st, 2014]
- NSA on Heartbleed: 'We're not legally allowed to lie to you' - May 1st, 2014 [May 1st, 2014]
- What's The NSA Doing Now? Training More Cyberwarriors - May 1st, 2014 [May 1st, 2014]
- Anonymous NSA - Video - May 1st, 2014 [May 1st, 2014]
- Cutting off H2O to the NSA - Video - May 1st, 2014 [May 1st, 2014]
- Brazil: Greenwald slams US media, shares tips to avoid NSA - Video - May 1st, 2014 [May 1st, 2014]
- NSA IS TRYINGG 2 KILL ME FAMS - Video - May 1st, 2014 [May 1st, 2014]
- What was more popular on Twitter, NSA, NRA or NBA..today? - Video - May 1st, 2014 [May 1st, 2014]
- CIS111: NSA Uncovered - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (6/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (4/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (3/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (2/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (1/6) - Video - May 1st, 2014 [May 1st, 2014]
- Germany: NSA may have accidentally outed secret base - Video - May 1st, 2014 [May 1st, 2014]
- ZyXEL NSA 325 v2 Installations-Wizard - Deutsch / German notebooksbilliger.de - Video - May 1st, 2014 [May 1st, 2014]
- Tech firms to increase alerts about police requests for data -- report - May 2nd, 2014 [May 2nd, 2014]
- German Chancellor Angela Merkel visits US, after the NSA eavesdropping scandal - Video - May 2nd, 2014 [May 2nd, 2014]
- NSA spies on more US citizens than Russians Snowden - May 3rd, 2014 [May 3rd, 2014]
- THE NEXT NSA?Police under scrutiny for using spying technology - May 3rd, 2014 [May 3rd, 2014]
- Ukraine and NSA will test Merkel - Video - May 3rd, 2014 [May 3rd, 2014]
- The Latest Attacks On NSA Whistleblower Edward Snowden - Kevin Gosztola Discusses - Video - May 3rd, 2014 [May 3rd, 2014]
- Still Report #246 - NSA Classifies MH370 Material - Video - May 4th, 2014 [May 4th, 2014]
- Code Talker Induction into NSA Hall of Honor - Video - May 4th, 2014 [May 4th, 2014]
- NSA ( National Security Agency ) refusal to release documents on UFO's - Video - May 4th, 2014 [May 4th, 2014]
- Obama & NSA Refuse FOIA Request on Malaysia Flight deemed classified - Video - May 4th, 2014 [May 4th, 2014]
- Kafkawinstons World`s Channel Terminated NSA is replacing Channel`s with Sockpuppet Channel`s - Video - May 4th, 2014 [May 4th, 2014]
- NSA Volunteer Justin Hall at the NSA Comedy Tour February 2014 - Video - May 4th, 2014 [May 4th, 2014]
- Barack Obama on NSA Surveillance I'd Be Concerned Too If I Wasn't in Government - Video - May 4th, 2014 [May 4th, 2014]
- GBPPR Vision #26: Overview of the NSA's TAWDRYYARD Radar Retro-Reflector - Video - May 4th, 2014 [May 4th, 2014]
- NSA proof phone Case - Video - May 5th, 2014 [May 5th, 2014]
- 2014 NSA 2014 Million Dollar Publisher's Lab - Video - May 5th, 2014 [May 5th, 2014]
- Gen. Michael Hayden - the Former Director of NSA and the CIA - Video - May 5th, 2014 [May 5th, 2014]
- REVEALED: Here's The Solution To That Encoded NSA Puzzle Tweet - May 5th, 2014 [May 5th, 2014]
- Michael Hayden's Unwitting Case Against Secret Surveillance - May 5th, 2014 [May 5th, 2014]
- NSA's Encrypted Tweet: We're Hiring Code Breakers - May 5th, 2014 [May 5th, 2014]
- Russ Tice: Life as a NSA Whistleblower - Video - May 5th, 2014 [May 5th, 2014]
- What Is Going on at NSA These Days - Video - May 5th, 2014 [May 5th, 2014]
- What is the Role of the NSA? AFF Dallas Debates - Video - May 5th, 2014 [May 5th, 2014]
- Edward Snowden said CIA , and NSA had 52. 6 Billion for black budget - Video - May 5th, 2014 [May 5th, 2014]
- NSA looks to appeal to young cryptographers through coded ads - May 6th, 2014 [May 6th, 2014]
- Code Cracked: Mysterious NSA Tweet Is Decrypted in Seconds - May 6th, 2014 [May 6th, 2014]