A massive global cyber attack took down large IT systems in several major nations this weekend, and affected numerous others, including Israel, although attacks in the Jewish State were “minor so far.”
More than 75,000 attacks by a ransomware called #wannacry affected 99 countries around the world, including the United States, Russia, Ukraine, UK, Australia, Belgium, France, Germany, Italy, Mexico, Kazakhstan and Taiwan, according to multiple cyber security agencies, beginning Friday and galloping through the weekend.
Israeli Prime Minister Benjamin Netanyahu said in his opening remarks to Sunday’s cabinet meeting that Israel has been largely unaffected by the attack thus far but that doesn’t mean the country is not necessarily at risk.
“We are in the midst of a global cyber attack; almost 100 countries have been affected.
“As of now, in Israel, there have not been any attacks against our vital infrastructures. The other attacks have been minor so far, but everything could change,” Netanyahu said.
“Several years ago we established a defense network against cyber attacks. We also had the foresight to establish the National Cyber Defense Authority based on the understanding that we yet face a new threat.
“I can only request one thing from Israel’s citizens and Israel’s companies.” he continued, “Follow the directives of the National Cyber Defense Authority.
“There will yet be many developments and we will need to invest more resources in order to ensure that the State of Israel, vis-à-vis both its defense and civilian sectors, has the necessary defensive measures against this new type of threat.”
According to a security source, at least 150 commercial firms were affected by the attack, which shut down 200,000 computers.
Energy and Infrastructure Minister Yuval Steinitz declared a cyber alert for Israel’s energy and water infrastructure in response to the attack. Action was taken at the ministry, at the Israel Electric Company, at power stations and at various energy and water infrastructure stations to tighten cyber defenses.
The Globes business news site quoted Adam Feld, owner of the CyberGrip consultation and advanced cyber defense services firm as saying the attack was likely planned and executed just a few days after Wikileaks exposed the encryption methods used by the NSA (National Security Agency) in the United States. He praised Israel’s National Center for Cyber Threats (CERT), and said that Israel’s readiness for the attack was clear, given that it had anticipated and warned of such an event and its potential for damage ahead of time.
U.S. delivery giant FedEx was badly affected by this attack; so was the British National Health Service system, which was nearly shut down by the malware, as were a number of the country’s main hospitals and emergency rooms.
So how did this attack play out, and what was involved? Ransomware encrypts data on the infected computer and locks it before demanding payment to release it, sometimes via the bitcoin digital money.
The virus exploited a flaw in Windows that was discovered from the NSA. It produced a screen on the affected computer screen that said “Oops, your files have been encrypted!” Three paragraphs followed with explanations: What Happened to my Computer? Can I Recover My Files? How Do I Pay? Below, there was a button to pay in Bitcoin, and two other buttons, one for “Check Payment” and the other for “Decrypt.”
In a left-hand side column, ominously, were two boxes topped by a padlock icon, saying “Payment will be raised (doubled in three days) on …” and a digital time counter, and “Your files will be lost (if you don’t pay in seven days) on …” with a second time counter.
Although Microsoft issued a security patch this year, numerous media have said many systems did not update with it. The Kaspersky Anti-virus Lab said the malware was released this past April by a hackers group called Shadow Brokers.