No current indication Israel was hit in global cyberattack, official says
search

No current indication Israel was hit in global cyberattack, official says

Head of National Cyber Authority says picture will become clearer after Sabbath, when many networks come back online

A woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network, in London on May 12, 2017. (AFP PHOTO / Daniel LEAL-OLIVAS)
A woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network, in London on May 12, 2017. (AFP PHOTO / Daniel LEAL-OLIVAS)

There is no evidence so far that Israel fell victim to the global cyberattack that has hit over 70 countries, the nation’s top cyber security official said Saturday.

Baruch Carmeli, the head of the National Cyber Authority, said in a statement that there was “no indication” that Israeli bodies and companies had been compromised in the massive electronic assault.

Carmeli noted, however, that many of the country’s computer networks were currently inactive due to the Sabbath, and thus a definite assessment could only be made Sunday. “We are preparing,” he noted.

He added that the authority was in contact with cyber officials in Israel and around the world in order to minimize any potential damage.

Meanwhile Energy Minister Yuval Steinitz announced an increased state of alert throughout Israel’s energy and water infrastructure.

Baruch Carmeli, Head of National Cyber Authority, attends a meeting of the Conference of Presidents of Major American Jewish Organizations at the Inbal Hotel in Jerusalem, on February 20, 2017. (Yonatan Sindel/Flash90)
Baruch Carmeli, Head of National Cyber Authority, attends a meeting of the Conference of Presidents of Major American Jewish Organizations at the Inbal Hotel in Jerusalem, on February 20, 2017. (Yonatan Sindel/Flash90)

Maps released by several security firms had earlier marked Israel as one of the countries which had fallen victim to the attack — although on a low scale. Carmeli’s statement appeared to refute this.

The extortion attack, which locked up computers and held users’ files for ransom, was believed the biggest of its kind ever recorded, disrupting services from the US to Russia, the UK, Spain and India. It appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency and later leaked to the internet.

Britain’s National Cyber Security Center said Saturday teams were working “round the clock” to restore hospital computer systems after the attack forced British hospitals to cancel and delay treatment for patients. In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.

Two security firms — Kaspersky Lab and Avast — said they had identified the malicious software behind the attack in upward of 70 countries, although both said the attack has hit Russia hardest.

The Russian Interior Ministry, which runs the country’s police, confirmed it was among those that fell victim to the “ransomware,” which typically flashes a message demanding payment to release the user’s data. Spokeswoman Irina Volk was quoted by the Interfax news agency Saturday as saying the problem had been “localized” and that no information was compromised.

A spokesman for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyber attacks on his ministry were “effectively repelled.” The national railway system said that although it was attacked, rail network operations were unaffected.

British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen. The attack froze computers at hospitals across the country, with some canceling all routine procedures. Patients were asked not to come to hospitals unless it was an emergency.

British media had reported last year that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.

Elsewhere in Europe, the attack hit companies including Spain’s Telefonica, a global broadband and telecommunications company.

Germany’s national railway said Saturday that departure and arrival display screens at its stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.

Other European organizations hit included football clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian football club, saying its online ticketing facility was down.

The US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”

Jakub Kroustek of the security firm Avast said in a blog post update around 2000 GMT Friday, “We are now seeing more than 75,000 detections… in 99 countries.”

Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.

In a statement, Kaspersky Labs said it was “trying to determine whether it is possible to decrypt data locked in the attack — with the aim of developing a decryption tool as soon as possible.”

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in bitcoin, saying: “Ooops, your files have been encrypted!”

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG as Britain's National Health Service is investigating 'an issue with IT' on Friday May 12, 2017. (@fendifille via AP)
This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG as Britain’s National Health Service is investigating ‘an issue with IT’ on Friday May 12, 2017. (@fendifille via AP)

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

“Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email,” Lance Cottrell, chief scientist at the US technology group Ntrepid.

“The ransomware can spread without anyone opening an email or clicking on a link.”

read more:
comments