NEW YORK (AP) — The latest on the global extortion cyberattack that hit dozens of countries (all times local):
President Donald Trump’s homeland security adviser says that so far, no U.S. federal systems have been affected by the global cyberattack.
Tom Bossert says the U.S. government has been closely monitoring the attack, which has affected an estimated 300,000 machines in 150 countries. He noted a few U.S. businesses, including FedEx, were affected.
Computers across the world were locked up Friday and users’ files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies. Cybersecurity experts say the unknown hackers who launched the “ransomware” attacks used a hole in Microsoft software that was discovered by the National Security Agency and exposed when NSA documents were leaked online.
Neither the FBI nor the NSA would comment Monday.
Investigators looking to catch the perpetrators of the global “ransomware” attack will be looking for digital clues, including monitoring the bitcoin accounts used to collect ransom payments.
It’ll be tough, but not impossible.
Security experts say that bitcoin is often believed to be anonymous, but the transactions are highly traceable. What’s not known is who’s behind a particular account. But the bitcoin money often has to be converted into real-world currency at some point.
Steve Grobman of the security company McAfee says forensics experts will also be looking for clues in the structure of the malware, including how it was written and how it was run. He says the malware was sophisticated, helping to rule out pranksters and lower-level thieves.
The cyberattack that emerged Friday has paralyzed computers running factories, banks, government agencies and transport systems around the world.
(previously from LONDON)
Interpol’s cybercrime unit, based in Singapore, said it is working on information provided by the private Kaspersky Lab to assist investigations in the countries affected. Europol has said the same. But neither agency has actual enforcement capabilities, instead acting more as information clearinghouses and organizers in the complex world of international law enforcement, where police from different countries rarely have a language in common — and few speak the languages of computer programming.
Costin Raiu, head of Kaspersky’s global research and analysis, whose group has two analysts directly embedded with Interpol, said a main pitfall will be sharing intelligence in real time, and then being able to follow the accumulated evidence to a suspect. Raiu said investigators are scouring the Tor darknet to trace the command and control servers. The attackers are believed to be relatively new at the ransomware business, he said.
“The attack appears to be slowing down anyway. What we are afraid of are copycats,” he said.