The Latest: More US firms believed hit by cyberattack
Posted May 15
NEW YORK — The latest on the global extortion cyberattack that hit dozens of countries (all times local):
A law enforcement official says investigators believe additional companies in the United States have been affected by the global "ransomware" software cyberattack but have not yet come forward to report the attacks.
The official spoke to The Associated Press on condition of anonymity because the official was not authorized to speak publicly about an ongoing investigation.
The official says that investigators have obtained some of the phishing emails and are analyzing them for "bread crumbs" that may lead them to the attackers.
Authorities have been encouraging affected companies to contact law enforcement and not pay the ransom.
While the attack that emerged Friday hitting companies and governments around the world ebbed in intensity Monday, experts warned that new versions of the virus could emerge.
Investigators fear the ransomware can be re-released without a kill switch that allowed researchers to interrupt the malware's initial spread.
President Donald Trump's homeland security adviser says that so far, no U.S. federal systems have been affected by the global cyberattack.
Tom Bossert says the U.S. government has been closely monitoring the attack, which has affected an estimated 300,000 machines in 150 countries. He noted a few U.S. businesses, including Fed Ex, were affected.
Computers across the world were locked up Friday and users' files held for ransom when dozens of countries were hit in a cyber-extortion attack that targeted hospitals, companies and government agencies. Cybersecurity experts say the unknown hackers who launched the "ransomware" attacks used a hole in Microsoft software that was discovered by the National Security Agency and exposed when NSA documents were leaked online.
Neither the FBI or NSA would comment Monday.
Investigators looking to catch the perpetrators of the global "ransomware" attack will be looking for digital clues, including monitoring the bitcoin accounts used to collect ransom payments.
It'll be tough, but not impossible.
Security experts say that bitcoin is often believed to be anonymous, but the transactions are highly traceable. What's not known is who's behind a particular account. But the bitcoin money often has to be converted into real-world currency at some point.
Steve Grobman of the security company McAfee says forensics experts will also be looking for clues in the structure of the malware, including how it was written and how it was run. He says the malware was sophisticated, helping to rule out pranksters and lower-level thieves.
The cyberattack that emerged Friday has paralyzed computers running factories, banks, government agencies and transport systems around the world.
(previously from LONDON)
Interpol's cybercrime unit, based in Singapore, said it is working on information provided by the private Kaspersky Lab to assist investigations in the countries affected. Europol has said the same. But neither agency has actual enforcement capabilities, instead acting more as information clearinghouses and organizers in the complex world of international law enforcement, where police from different countries rarely have a language in common — and few speak the languages of computer programming.
Costin Raiu, head of Kaspersky's global research and analysis, whose group has two analysts directly embedded with Interpol, said a main pitfall will be sharing intelligence in real time, and then being able to follow the accumulated evidence to a suspect. Raiu said investigators are scouring the Tor darknet to trace the command and control servers. The attackers are believed to be relatively new at the ransomware business, he said.
"The attack appears to be slowing down anyway. What we are afraid of are copycats," he said.
Germany's interior ministry says software companies need to do their own homework, rather than blame governments for security breaches.
Microsoft's top lawyer, Brad Smith, had criticized governments Sunday for "hoarding" vulnerabilities and urged authorities to report security problems to IT firms "rather than stockpile, sell, or exploit them."
Interior ministry spokesman Tobias Plate said "someone who doesn't do their homework trying to make others responsible for not pointing out this homework needs to be done seems to me to mix up cause and effect."
Plate told reporters in Berlin on Monday that the German government had published a new cybersecurity strategy last year that includes a proposal to hold IT companies liable for security flaws.
German rail company Deutsche Bahn's platform displays were hit by the global "ransomware" cyberattack.
Tom Bossert, a homeland security adviser to U.S. President Donald Trump, says the recent global cyberattack is something that "for right now, we've got under control" in the United States.
Bossert tells ABC's "Good Morning America" that the malware is an "extremely serious threat" that could inspire copycat attacks. But Microsoft's security patch released in March should protect U.S. networks for those who install it.
Micrsoft's top lawyer has criticized U.S. intelligence for "stockpiling" software code that can aid hackers. Cybersecurity experts say the unknown hackers behind the latest attacks used a vulnerability exposed in U.S. government documents leaked online.
Bossert said "criminals" are responsible, not the U.S. government. Bossert says the U.S. hasn't ruled out involvement by a foreign government, but that the recent ransom demands suggest a criminal network.
Indian authorities were on high alert for news of malfunctioning computers Monday, after experts estimated 5 percent of affected computers were in the country.
The Computer Emergency Response Team of India issued a red-colored "critical alert" — it's highest alarm level — and urged computer users to update their systems and use protective software.
But few major problems were reported. The head of the government response team told Press Trust of India news agency that "everything seems to be normal, so far. No reports have come in" detailing cyberattacks in the country.
The Kaspersky Lab, a security solutions firm, had estimated that up to 5 percent of computers affected globally could be in India. The country is considered vulnerable thanks to a large number of computers running on older Microsoft operating systems.
Britain's health service says most hospitals hit by the global "ransomware" attack are back up and running, but seven are still experiencing IT disruption and canceling appointments.
About a fifth of NHS trusts — the regional bodies that run hospitals and clinics — were hit by the attack on Friday, leading to thousands of canceled appointments and operations.
Health officials say seven of the 47 affected are still having IT problems and have asked for "extra support" from the National Health Service.
Barts Health, which runs five London hospitals, says it is still sending some ambulances to other hospitals and has canceled some surgeries and outpatient appointments.
Ciaran Martin, chief executive of the U.K.'s National Cyber Security Centre, has warned that more computers could be infected Monday as doctors' practices re-opened after the weekend.
In France, auto manufacturer Renault said one of its plants, which employs 3,500 people in Douai, northern France, wasn't reopening Monday as technicians continued to deal with the aftermath of the global cyberattack.
The company described the temporary halt in production as a "preventative step." The company gave no details on the degree to which the plant was affected by the malware. Renault said all of its other plants in France were open Monday.
The problem with its home page wasn't ransomware after all, Osaka city hall said. The site is now back up but the real cause of the problem is not yet clear, said spokesman Hajime Nishikawa.
Kyodo News said one personal computer was affected at one office at East Japan Railway Co., but train services were not affected.
A Japanese nonprofit says computers at 600 locations had been hit in the global "ransomware" cyberattack.
Nissan Motor Co. confirmed Monday some units had been targeted, but there was no major impact on its business.
Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom is being demanded. They were installing software to fix the problems.
The Japan Computer Emergency Response Team Coordination Center said 2,000 computers in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify.
At least one hospital was affected, according to police. The city of Osaka said its home page went blank, although problems had not been detected otherwise.
South Korea has been mostly spared from the global cyber chaos that crippled scores of governments and companies in 150 countries.
Director Shin Dae Kyu at the state-run Korea Internet & Security Agency who monitors the private sector said Monday that five companies have reported they were targeted by a global "ransomware" cyberattack. While some companies did not report damages to the government, South Korea was yet to see crippling damages, he said.
The most public damage was on the country's largest movie chain. CJ CGV Co. was restoring its advertising servers at dozens of its movie theaters after the attack left the company unable to display trailers of upcoming movies. Its movie ticket systems were unaffected.
Another government security official said no government systems were affected.
Global cyber chaos is spreading Monday as companies boot up computers at work following the weekend's worldwide "ransomware" cyberattack.
The extortion scheme has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world.
As a loose global network of cybersecurity experts fought the ransomware hackers, in China, state media said more than 29,000 institutions had been infected along with hundreds of thousands of devices.
The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.