57,000 Detections, 74 Countries Affected by Global Ransomware

 

Go here for more information on malware affections.

Further, US-CERT, by DHS has this information.

 

 

Older machines running XP do not appear to be affected. Meanwhile, about a month ago:

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Remember, this NSA vault toolkit was stolen, leaked and published by WikiLeaks, Julian Assange. In some cases, it could be a deadly threat to life considering the intrusions into hospitals. The other blame goes to the Russian cyber gang, ShadowBrokers.

Russian-linked cyber gang Shadow Brokers blamed for NHS computer hack 

Ransom message found on NHS computersCourtesy: TelegraphUK: Ransom message found on NHS computers

CyberScoop: Large organizations on every continent are being hit by a global campaign of ransomware attacks on Friday, unfortunately, average ransomware demand has increased significantly. Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers, according to authorities.

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.

The “number [is] still growing fast,” according to Costin Raiu, Kaspersky’s director of research.

Hospitals across England were forced to divert emergency patients, according to the National Health Service. Other hospitals are asking patients to avoid coming in except for emergencies, news reports said.

In Spain, victims including the telecommunications company Telefónica told employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm.

The ransomware campaign is caused by “exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar,”Spain’s Computer Emergency Readiness Team explained on Friday. “Infection of a single computer can end up compromising the entire corporate network.”

EternalBlue and DoublePulsar are code names for NSA hacking tools used to infect thousands of machines around the world since the NSA tools leaked in April.

That description from Spanish authorities and the work of several researchers point directly to NSA tools hacked and leaked by ShadowBrokers. The patch that Microsoft published in March assigned the designation MS17-010 to the vulnerability.

A widespread “bloodbath” from criminals has been expected by experts since the leak.

The ransomware “infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network. Microsoft published the vulnerability on March 14 in its bulletin and a few days ago a proof of concept was released that seems to have been the trigger of the campaign.” SMB is Microsoft’s Server Message Block protocol for network file sharing.

The attacks in different countries have been linked to the same group, according to the Financial Times.

The U.S. Department of Homeland Security is “coordinating with our international cyber partners” in Europe and Asia, a spokesperson told CyberScoop. “The Department of Homeland Security stands ready to support any international or domestic partner’s request for assistance. We routinely provide cybersecurity assistance upon request, including technical analysis and support.  Information shared with DHS as part of these efforts, including whether a request has been made, is confidential.”

Security researcher Kevin Beaumont advised patching machines immediately:

** Kevin Beaumont?Verified account @GossiTheDog5h5 hours ago 

Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

Spanish authorities confirmed the ransomware is a version of WannaCry (also known as WannaCrypt0r), according to the National Cryptology Center. In Spain, the newspaper El Mundo is reporting that “early indications point to an attack originating in China.”

“Given the rapid, prolific distribution of this ransomware, we consider this activity poses high risks that all organizations using potentially vulnerable Windows machines should address,” a spokesperson from the cybersecurity firm FireEye told CyberScoop. “Organizations seeking to take risk management steps related to this campaign can implement patching for the MS17-010 Microsoft Security bulletin and leverage the indicators of compromise identified as associated with this activity.”

FireEye has yet to see a U.S.-based company be affected by the ransomware worm.

An estimated 25 health facilities in London and across England have been hit, according to the NHS. St Bartholomew’s Hospital in London, one of the victims, received warnings earlier this year that computers using Windows XP were vulnerable, reported the technology news site the Inquirer. Increasingly, some infected hospitals are not accepting phone calls or internet communications. The Derbyshire Community Health Services NHS Trust has reportedly shut down all of its IT systems.

“At this stage we do not have any evidence that patient data has been accessed,” an NHS statement said. “We will continue to work with affected organizations to confirm this.”

East and North Hertfordshire NHS trust, a hospital just north of London, publicly acknowledged “a major IT problem” that is “believed to be caused by a cyber attack.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency,” according to a statement. “To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

News of the English hospitals being hit with ransomware spread quickly among doctors and hospital employees, including in a widely shared message from an English doctor now making the rounds on social media.

**

If.ra? @asystoly6h6 hours ago  Why would you cyber attack a hospital and hold it for ransom? The state of the world ?

“So our hospital is down,” the doctor wrote. “We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

DoJ, AG Sessions, Effectively Immediately

Read the 2 page memo here.

Sessions ends Obama-era leniency on sentencing, infuriating civil rights groups

FNC: Attorney General Jeff Sessions announced Friday that he has told prosecutors to pursue the most serious charges possible against criminal suspects – a stunning reversal of Obama-era policies, and a move that infuriated civil rights groups.

“We will enforce the laws passed by Congress pure and simple,” he said at an awards ceremony in Washington D.C, adding that prosecutors deserved to be “unhandcuffed and not micro-managed from Washington.”

“This is a key part of President Trump’s promise to keep America safe,” Sessions said. “We’re seeing an increase in violent crime in our cities – in Baltimore, Chicago, Memphis, Milwaukee, St. Louis and many others.  The murder rate has surged 10 percent nationwide – the largest increase since 1968.”

In a letter to 94 U.S. attorneys Thursday night, Sessions called it a “core principle” that prosecutors charge and pursue “the most serious and readily provable offense.” Sessions defined the most serious offenses as those that carry the most substantial guidelines sentence.

Sessions noted that “there will be circumstances in which good judgment would lead a prosecutor to conclude that a strict application” of the policy is not warranted, but that any exceptions must first be approved by a U.S. attorney, assistant attorney general, or a designated supervisor.

The move, which will send more criminals to jail and for longer terms by triggering mandatory minimum sentences, explicitly reverses policies set in motion by President Obama’s former Attorney General Eric Holder – who implemented the “Smart on Crime” drug sentencing policy that focused on not incarcerating people who committed low level, non-violent crimes. DOJ officials call it a “false narrative” and say unless a gun is involved, most of those cases aren’t charged period.

Officials say Holder’s “Smart on Crime” policy “convoluted the process,” and left prosecutors applying the law unevenly, which they said “is not Justice.”

But civil rights groups blasted the process, with the American Civil Liberties Union describing the move as a move that will “reverse progress” and repeat the War on Drugs, which it called a “failed experiment.”

“With overall crime rates at historic lows, it is clear that this type of one-dimensional criminal justice system that directs prosecutors to give unnecessarily long and unfairly harsh sentences to people whose behavior does not call for it did not work,” Udi Ofer, director of the American Civil Liberties Union’s Campaign for Smart Justice.

The policy was also criticized by Sen. Rand Paul, R-Ky., who said mandatory minimums have “unfairly and disproportionately incarcerated too many minorities for too long.”

“Attorney General Sessions new policy will accentuate that injustice. Instead we should treat our nation’s drug epidemic as a health crisis and less as a lock ‘em up and throw away the key problem,” he said.

However, the National Association of Assistant United States Attorneys backed the move, saying it would make the public safer and give prosecutors to “tools that Congress intended” to lock up drug dealers and dismantle gangs.

 


Wait for it…nah never mind…former DOJ AG, Eric Holder has already responded.

Former Attorney General Eric Holder blasts Sessions memo as ‘dumb on crime’

Former Attorney General Eric Holder blasted a new Justice Department policy on prosecutions and sentencing, calling it “dumb on crime.”

“The policy announced today is not tough on crime. It is dumb on crime. It is an ideologically motivated, cookie-cutter approach that has only been proven to generate unfairly long sentences that are often applied indiscriminately and do little to achieve long-term public safety,” Holder said in a statement Friday shortly after the new department memo.

Attorney General Jeff Sessions released a memo early Friday directing prosecutors to “charge and pursue the most serious, readily provable offense” in all cases going forward.

The Sessions memo reverses one issued by Holder in 2013 that encouraged federal prosecutors to seek the most harsh punishment for only “serious, high-level, or violent drug traffickers” instead of lower-level offenders.

Holder cited department data showing that since the implementation of his memo — the Smart on Crime directive — prosecutors have been able to successfully focus more resources on higher level drug offenders such as kingpins and cartel leaders.

“The data showed that while they brought fewer indictments carrying a mandatory minimum sentence, the prosecutions of high-level drug defendants had risen and that cooperation and plea rates remained effectively the same,” Holder said. “These reversals will be both substantively and financially ruinous, setting the Department back on track to again spending one-third of its budget on incarcerating people, rather than preventing, detecting, or investigating crime.”

2008, the Russians Hacked Obama’s Campaign Too

Why are we learning this now? It is a dereliction of duty to advise the American electorate, campaign operators and all later political candidates, regardless of the kind of race. Further, should we be blaming Obama on this and did he invite the FBI to investigate? If so, the matters of phishing operations and Russia should have been a clarion call.

Further, why would Obama and Hillary even consider ‘resetting’ relations with Russia? Oh yeah……’cut it out Vladimir’..remember that?

Okay read on….the anger mounts.

Exclusive: Russian Hackers Attacked the 2008 Obama Campaign

Jeff Stein: Russian hackers targeted the 2008 Barack Obama campaign and U.S. government officials as far back as 2007 and have continued to attack them since they left their government jobs, according to a new report scheduled for release Friday.

The targets included several of the 2008 Obama campaign field managers, as well as the president’s closest White House aides and senior officials in the Defense, State and Energy Departments, the report says.

It names several officials by title, but not by name, including “several officials involved in Russian policy, including a U.S. ambassador to Russia,” according to a draft version of the report, authored by Area 1 Security, a Redwood City, California, company founded by former National Security Agency veterans.

“They’re still getting fresh attacks,” the company says.

The attacks on their email accounts have continued as the officials migrated to think tanks, universities and private industry, the company says. The favored weapon of the Russians and other hackers is the so-called “phishing” email, in which the recipient is invited to click on a innocent-looking link, which opens a door to the attackers.

China can’t be excluded as a perpetrator in those attacks, Area 1 Security’s report says, but its new data “show that Russia tried to hack several members of the Obama campaign and could have done so at the same time as someone that achieved massive data exfiltration.”

Blake Darché, a former NSA technical analyst who co-founded Area 1 Security, tells Newsweek that “state-sponsored Russian hackers have been targeting United States officials and politicians since at least 2007 through phishing attacks.” Russian hackers reportedly breached the Joint Chiefs of Staff email system in 2015.

The company says one of the Russian targets was a “deputy campaign manager” in the 2008 Obama campaign, but was otherwise unidentified in its report. There were a number of them over a period of time. One was Steve Hildebrand. Reached in Sioux Falls, South Dakota, where he now runs a specialty bakery and coffee shop, Hildebrand says he was “not aware” that he might have been a Russian target and didn’t remember being warned about cyberattacks of any kind during the campaign. Another senior 2008 campaign aide (and later White House National Security Council spokesman), Tommy Vietor, tells Newsweek he had “no knowledge” of Russian hacking at the time.

Besides top officials in the Energy, Defense and State departments, the Area 1 Security report cites a half-dozen positions in the Obama White House that were targeted from 2008 through 2016, including the president’s deputy assistant, special assistant, the special assistant to the political director, advance team leaders for first lady Michelle Obama, and the White House deputy counsel. None of them could immediately be reached for comment.

Among the State Department targets named by Area 1 Security were three top offices dealing with Russia and Europe. Evelyn Farkas, who served as the Obama administration’s deputy assistant secretary of defense for Russia/Ukraine/Eurasia from 2012 to 2015, says she could not discuss matters that remain classified, but says “the biggest impact” she remembered offhand was the Russian hack of the Joint Chiefs.

Among the three top, unnamed targets at the Energy Department was the director of the Office of Nuclear Threat Science, which is responsible for overseeing the U.S. Nuclear Counterterrorism Program.

The Area 1 Security report names the “Dukes,” also known as “Cozy Bear” and APT-29, for the Obama attacks, the same Russian actors named in the 2015 and 2016 hacking of the Democratic National Committee (DNC) and the State Department.

In an interview, Darché calls the Dukes a front for Russia’s “premier intelligence-gathering arm,” which would be the SVR, or External Intelligence Service, the Kremlin equivalent to the CIA, although he declined to specifically name it. As opposed to the DNC hacks launched to steal and publicize information damaging to the campaign of Hillary Clinton, he says, the Russian offensives that Area 1 Security uncovered were clandestine “intelligence gathering operations” designed to secretly penetrate a wide variety of institutions and industry.

Oren Falkowitz, a former analyst at the National Security Agency who co-founded Area 1 Security, says he launched the company to stop phishing attacks, which until then was thought to be impossible because so many employees continue to click on risky links in emails. The key to the company’s success was persuading clients to let it monitor its servers, he told The New York Times in a 2016 interview.

In Friday’s report, Area 1 Security says it uses a “vast active sensor network” to detect and trace phishing attacks. It says it could imagine the Dukes “operating a giant spreadsheet where new targets are added, but never leave.” It “moves quickly, compromising a server or service to send out phishing emails from it, and then leaves, never returning to check for  bounced email messages to cull from its list.”

Most ex-officials don’t realize they are carrying “the blemish of being a Russian target into their new workplace,” the Area 1 Security report says.  As a result, “they give the Dukes beachheads in companies and organizations they never even planned on or imagined hacking,” such as Washington think tanks, defense contractors, lobbyist offices,  financial institutions and pharmaceutical companies stocked with high ranking former political, military and intelligence  officials.

Russia is “notoriously persistent in pursuing targets,” the report says. “It’s a lesson on why every organization needs great security.”

***

FireEye CEO: Russians are at Work in Election Hacking

FireEye CEO Kevin Mandia said Thursday that strengthening U.S. cybersecurity defenses begins with protecting the country’s own systems first, and he is hopeful the Trump administration will implement a strategy to defend from cyber threats, during an interview on FOX Business’ “Countdown to the Closing Bell.”

“You gotta protect critical infrastructure and under times of duress, you have to be able to have shields up as a nation, and I think this order is going to move toward that,” he said, referring to the executive order President Trump signed Thursday, aimed at strengthening the America’s infrastructure to help prevent cyberattacks.

Cyber hacking has been in the forefront of an FBI investigation over Russia’s alleged involvement in the 2016 presidential election. Mandia said he believes acting FBI Director Andrew McCabe will continue the investigation into these claims.

“When you awake the sleeping giant, they get the job done and I think the FBI, whenever they apply the resources at their disposal and their capability, they can get the job done as they see fit,” he said.

Mandia believes the Russians are at work in election hacking and thinks it will continue to happen.

“The tool in every emerging nation’s tool box now [is] a cyber component,” he said.

The FireEye CEO added that the risks from cyberattacks can’t be eliminated because persistent hackers are exploiting human trust and not exploiting systems.

DHS Project New Dawn 1,378 Arrests

Image result for homeland security investigations

U.S. Immigration and Customs Enforcement Officials are revealing details of a massive anti-gang operation that’s resulted in 1,378 arrests nationwide.

The six week long operation, which began March 26th, targeted violent criminal street gangs in the DC metro area, San Antonio, San Diego, and Newark.

“The primary purpose of the operation was to identify, arrest, and prosecute gang members and associates who threaten our communities,” Thomas Homan, ICE’s Acting Director told reporters.

The operation, called “Project New Dawn” was led by ICE’s Homeland Security Investigations section, known as HCI.

In the DC area alone, agents arrested 52 people, including 29 members of the El Salvador-controlled MS-13 gang.

“Nearly 1100 were arrested on federal or state criminal charges, including murder, assault and other crimes of violence,” says DHS Deputy Executive Associate Director Derek Benner.

Authorities arrested 21 people on murder related charges, and seven for rape and sexual assault charges.

Others face drug trafficking, weapons smuggling, human smuggling, sex trafficking, and racketeering charges.

Police say more than 1000 of those arrested had gang affiliations: connections to MS-13, and the Crips, Bloods, and the Surenos street gangs.

“Let me be clear that these violent criminal street gangs are the biggest threat facing our communities,” Homan says.

DC-based HSI agents arrested eleven MS-13 gang members in April at a home in Falls Church, police say.

Ten of those actions were ‘administrative arrests’, for immigation violations, the eleventh was a criminal arrest.

Investigators say federal agents and Fairfax County Police were keeping the home under surveillance because of reports about alleged sex trafficking.

“Our goal at the end of the day is to arrest, prosecute, imprison, deport and remove trans-national gang members as well as to supress violence, and prosecute crimial enterprises,” Benner says.

ICE says during the operation, officers seized 238 guns and $492,000 in cash.

But the agency also revealed a troubling trend.

Investigators in the San Diego area found street gangs are bucking the idea of turf or territory, and instead, are acting in concert, with different groups using each other’s expertise to maximize illegal profits.

“One gang, they specialize in narcotics smuggling, one may specialize in weapons trafficking,” Benner explains. “They’re using each other in this particular case, to further their own enterprises.”

Authorities say of those arrested, 933 are U.S. citizens, and 445 are foreign nationals from Central America, South America, Asia, Africa, Europe, and the Caribbean.

ICE’s Acting Director says the notion of sanctuary cities, where local authorities don’t cooperate with, or take part in ICE operations, is making these investigations more difficult.

“One officer can make (an) arrest inside the jail, turn him over to us, we can remove that person from the country,” Homan says. “When they get released without our attention, they’re back on the streets.”

He says after an initial arrest, 30 to 40 percent of gang-related suspects are repeat offenders.

Some of those in custody face federal re-entry charges, for returning to the U.S. after they were kicked out of the country for immigration or criminal violations.

ICE officials say this is not over, that there will be more operations like this in the future.

“We are not done,” Homan says. “We have a laser focus on these groups, and we will continue to actively pursue them, wherever they are in the United States.”

*** In 2016, ICE had a similar success. Image result for homeland security investigations

WASHINGTON — A five-week operation, dubbed Project Shadowfire, netted 1,133 arrests, including more than 900 transnational criminal gang members and others associated with transnational criminal activity, like drug trafficking, human smuggling and sex trafficking, murder and racketeering. The operation was led by U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) and concluded March 21.

“This operation is the latest example of ICE’s ongoing efforts, begun more than a decade ago under Operation Community Shield, to target violent gang members and their associates, to eradicate the violence they inflict upon our communities and to stop the cash flow to transnational organized crime groups operating overseas,” said ICE Director Sarah R. Saldaña.

Since the inception of Operation Community Shield in February 2005, HSI special agents, working in conjunction with federal, state and local law enforcement agencies, have made more than 40,000 gang-related arrests and seized more than 8,000 firearms.

Project Shadowfire was a surge operation conducted under Operation Community Shield, and led by the HSI National Gang Unit. Between Feb. 15 and March 21, HSI special agents worked with numerous state, local and federal law enforcement partners, including ICE’s Enforcement and Removal Operations (ERO), to apprehend individuals from various gangs.

Most of the individuals arrested during Project Shadowfire were U.S. citizens, but 239 foreign nationals from 13 countries in Central America, Asia, Europe and the Caribbean were also arrested. Of the 1,133 arrests, 915 were gang members and associates, 1,001 were charged with criminal offenses and 132 were arrested administratively for immigration violations.

The majority of arrestees were affiliated with gangs like MS-13, Sureños, Norteños, Bloods and several prison-based gangs. Enforcement actions occurred around the country, with the greatest activity taking place in the Los Angeles, San Juan, Atlanta, San Francisco, Houston, and El Paso areas.

The National Gang Unit oversees HSI’s expansive transnational gang portfolio and enables special agents to bring the fight to these criminal enterprises through the development of uniform enforcement and intelligence-sharing strategies.

Recent National Gang Unit-led operations include: Southern Tempest in 2011, targeting gangs affiliated with drug trafficking; Project Nefarious in 2012, targeting gangs involved in human smuggling and trafficking; Project Southbound in 2014, targeting the Sureños, the fasting growing transnational gang in the U.S., and Project Wildfire in 2015, the largest gang surge conducted by HSI to date.

Additionally, for the past three years, ICE has held an anti-gang conference with the U.S. Department of State in Mexico City to provide training and capacity building for international law enforcement officers to combat and prevent gang activities.