NHS organisations across the country are braced for a possible recurrence of Friday's cyberattack when staff return to work today.
Cyber security experts have warned that the ransomware virus, which affected one in five NHS Trusts, could be reactivated by computers and devices that have not yet been switched on.
On Sunday evening seven acute hospital Trusts continued to experience major disruption and were diverting patients away from A&E for a third consecutive day.
:: Cyberattacks: How to protect your computer from infection
In total 47 organisations reported being affected by the cyberattack and the disruption will continue into the new working week.
NHS regional director for London, Anne Rainsberry, told Sky News: "If you have not heard from your hospital and you have an appointment, our message is you should attend as normal."
But she warned patients: "It may be a little bit slower when you get there because hospitals are using different systems, so please be patient."
Trusts in Lincolnshire and Southport and Ormskirk cancelled all routine appointments for Monday, and staff have been warned to exercise caution when logging in.
United Lincolnshire Trust and Northumbria Healthcare NHS Trust used social media to warn staff that they should not switch on any devices unless they have been specifically cleared by their manager.
Northumbria Healthcare said: "All staff should report for duty tomorrow as usual - however please DO NOT switch on or log in to any laptops, mobile devices or desktop PCs until advised to do so by your line manager."
Ciaran Martin, chief executive of the National Cyber Security Centre, warned there could be a fresh wave of victims on Monday.
Monday, May 15, 2017
Man 'covered in blood and holding human head stabs store worker' in Oregon
A man is reportedly in custody after walking into a US supermarket covered in blood, holding a knife and what looked like a human head, and stabbing a worker.
Police responded to a call about the attack at the Harvest Market Thriftway in Estacada, Oregon, at around 2.15pm on Sunday.
Other staff reportedly held the knifeman down until police arrived.
The store worker was airlifted to Emanuel Hospital for treatment.
The suspect was also taken to a nearby hospital.
Within minutes of the report of the supermarket attack, officers were called to Elwood Road, Colton, around 10 miles away, where a woman was found dead inside a home.
Police are investigating both incidents which investigators say are connected, according to reports.
Police responded to a call about the attack at the Harvest Market Thriftway in Estacada, Oregon, at around 2.15pm on Sunday.
Other staff reportedly held the knifeman down until police arrived.
The store worker was airlifted to Emanuel Hospital for treatment.
The suspect was also taken to a nearby hospital.
Within minutes of the report of the supermarket attack, officers were called to Elwood Road, Colton, around 10 miles away, where a woman was found dead inside a home.
Police are investigating both incidents which investigators say are connected, according to reports.
Sunday, May 14, 2017
North Korea launches a ballistic missile that flies about 435 miles
TOKYO — North Korea fired a ballistic missile early Sunday, sending it from a launch site near its border with China some 450 miles into the sea between the Korean Peninsula and Japan.
It was launched from the same site where North Korea fired two mystery missiles that some analysts thought could have been intercontinental ballistic missiles capable of reaching the mainland United States.
But the U.S. military said that the flight pattern was “not consistent” with an ICBM and did not threaten the United States.
Regardless, the apparent success of the launch and the steady pace of firings will only heighten tensions in the region.
Sunday’s launch is the first since Moon Jae-in, a liberal who is promoting engagement with North Korea, took office as South Korea’s new president Wednesday. Moon immediately convened an emergency meeting of his national security council to discuss the launch.
It also comes after repeated warnings from President Trump to North Korea to stop — and China to crack down on its errant neighbor. Trump will likely urge Beijing to use its leverage over Pyongyang to punish it for this latest provocation.
In a statement late Saturday, the White House said, “North Korea has been a flagrant menace for far too long...Let this latest provocation serve as a call for all nations to implement far stronger sanctions against North Korea.”
The statement also noted the missile’s proximity to Russia: “With the missile impacting so close to Russian soil – in fact, closer to Russia than to Japan – the President cannot imagine that Russia is pleased.”
[ North Korea fires another ballistic missile, the 75th of Kim Jong Un’s tenure ]
Analysts were still working to identify the kind of missile launched Sunday morning local time.
U.S. Pacific Command, based in Hawaii, said it had detected and assessed the missile, and “the flight was not consistent with an intercontinental ballistic missile.” However, it did not state what kind of missile it appeared to be.
“The North American Aerospace Defense Command determined the missile launch from North Korea did not pose a threat to North America,” Pacific Command spokesman Rob Shuford said in a statement.
South Korea’s Joint Chiefs of Staff said that the missile was fired shortly after 5 a.m. North Korea time, from Kusong, an area not far from the border with China.
In Tokyo, the Japanese government said that the missile flew for 30 minutes. It strongly condemned the “absolutely unacceptable” behavior.
“These repeated missile launches by North Korea are a grave threat to our country and are in clear violation of U.N. Security Council resolutions,” Japanese Prime Minister Shinzo Abe told reporters.
North Korea has been testing missiles at a rapid rate over the past year, apparently working toward leader Kim Jong Un’s ambition to develop an ICBM that can reach the United States.
The two most recent launches last month were deemed to have failed, as they exploded within seconds. However, Sunday’s missile appears to have been successful.
The site of the latest launches is raising suspicions.
North Korea launched two missiles in October last year from an air base in Kusong on North Korea’s west coast, on the other side of the country from the usual intermediate-range Musudan test site near Wonsan, on the east coast.
U.S. Strategic Command said they were “presumed” to be Musudans, which are technically capable of flying as far as 2,400 miles, putting Guam within range and almost reaching Alaska.
But Jeffrey Lewis, director of the East Asia nonproliferation program at the Middlebury Institute of International Studies at Monterey in California, said at the time that there was an “even chance” that they were intercontinental ballistic missiles (ICBMs).
[ U.S. starts ‘swiftly’ installing controversial antimissile battery in South Korea ]
At a huge military parade that Kim presided over last month, North Korea displayed two of its newest model missiles, including the submarine-launched ballistic type it successfully fired last year and the land-based version it launched last month.
One of the missiles looked similar to the KN-08 intercontinental ballistic missile that North Korea had included in previous parades. This missile has a theoretical range of about 7,500 miles, which is enough to reach all of the United States from North Korea.
It also put two ICBM canisters, which protect solid-fueled missiles from the effects of the environment, on the trucks that had carried the ICBMs previously. One may have been a KN-14, another missile capable of reaching the U.S. mainland, although it has a slightly shorter range
Although there are still plenty of technical hurdles to be overcome, many analysts believe North Korea will eventually achieve Kim’s stated goal of developing an ICBM that can reach the mainland United States.
It was launched from the same site where North Korea fired two mystery missiles that some analysts thought could have been intercontinental ballistic missiles capable of reaching the mainland United States.
But the U.S. military said that the flight pattern was “not consistent” with an ICBM and did not threaten the United States.
Regardless, the apparent success of the launch and the steady pace of firings will only heighten tensions in the region.
Sunday’s launch is the first since Moon Jae-in, a liberal who is promoting engagement with North Korea, took office as South Korea’s new president Wednesday. Moon immediately convened an emergency meeting of his national security council to discuss the launch.
It also comes after repeated warnings from President Trump to North Korea to stop — and China to crack down on its errant neighbor. Trump will likely urge Beijing to use its leverage over Pyongyang to punish it for this latest provocation.
In a statement late Saturday, the White House said, “North Korea has been a flagrant menace for far too long...Let this latest provocation serve as a call for all nations to implement far stronger sanctions against North Korea.”
The statement also noted the missile’s proximity to Russia: “With the missile impacting so close to Russian soil – in fact, closer to Russia than to Japan – the President cannot imagine that Russia is pleased.”
[ North Korea fires another ballistic missile, the 75th of Kim Jong Un’s tenure ]
Analysts were still working to identify the kind of missile launched Sunday morning local time.
U.S. Pacific Command, based in Hawaii, said it had detected and assessed the missile, and “the flight was not consistent with an intercontinental ballistic missile.” However, it did not state what kind of missile it appeared to be.
“The North American Aerospace Defense Command determined the missile launch from North Korea did not pose a threat to North America,” Pacific Command spokesman Rob Shuford said in a statement.
South Korea’s Joint Chiefs of Staff said that the missile was fired shortly after 5 a.m. North Korea time, from Kusong, an area not far from the border with China.
In Tokyo, the Japanese government said that the missile flew for 30 minutes. It strongly condemned the “absolutely unacceptable” behavior.
“These repeated missile launches by North Korea are a grave threat to our country and are in clear violation of U.N. Security Council resolutions,” Japanese Prime Minister Shinzo Abe told reporters.
North Korea has been testing missiles at a rapid rate over the past year, apparently working toward leader Kim Jong Un’s ambition to develop an ICBM that can reach the United States.
The two most recent launches last month were deemed to have failed, as they exploded within seconds. However, Sunday’s missile appears to have been successful.
The site of the latest launches is raising suspicions.
North Korea launched two missiles in October last year from an air base in Kusong on North Korea’s west coast, on the other side of the country from the usual intermediate-range Musudan test site near Wonsan, on the east coast.
U.S. Strategic Command said they were “presumed” to be Musudans, which are technically capable of flying as far as 2,400 miles, putting Guam within range and almost reaching Alaska.
But Jeffrey Lewis, director of the East Asia nonproliferation program at the Middlebury Institute of International Studies at Monterey in California, said at the time that there was an “even chance” that they were intercontinental ballistic missiles (ICBMs).
[ U.S. starts ‘swiftly’ installing controversial antimissile battery in South Korea ]
At a huge military parade that Kim presided over last month, North Korea displayed two of its newest model missiles, including the submarine-launched ballistic type it successfully fired last year and the land-based version it launched last month.
One of the missiles looked similar to the KN-08 intercontinental ballistic missile that North Korea had included in previous parades. This missile has a theoretical range of about 7,500 miles, which is enough to reach all of the United States from North Korea.
It also put two ICBM canisters, which protect solid-fueled missiles from the effects of the environment, on the trucks that had carried the ICBMs previously. One may have been a KN-14, another missile capable of reaching the U.S. mainland, although it has a slightly shorter range
Although there are still plenty of technical hurdles to be overcome, many analysts believe North Korea will eventually achieve Kim’s stated goal of developing an ICBM that can reach the mainland United States.
Ransomware cyber-attack threat escalating - Europol
Friday's cyber-attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says.
He told the BBC the act was "unprecedented in its scale" and warned more people could find themselves affected on Monday morning.
The virus took control of users' files, demanding payments; Russia and the UK were among the worst-hit countries.
Experts say another attack could be imminent and have warned people to ensure their security is up to date.
Mr Wainwright said that the ransomware was being combined with a worm application allowing the "infection of one computer to quickly spread across the networks".
He added: "That's why we're seeing these numbers increasing all the time."
'Patch before Monday'
Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, he said.
Companies need to make sure they have updated their systems and "patched where they should" before staff arrived for work on Monday morning, the EU law enforcement agency head said.
In England, 48 National Health Service (NHS) trusts reported problems at hospitals, GP surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.
What occurred was an "indiscriminate attack across the world on multiple industries and services", Mr Wainwright said, including Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia's interior ministry.
However, he said that so far "remarkably" few payments had been made by victims of the attack.
BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080.
Blogger halts ransomware 'by accident'
The ransomware causing chaos
Analysis: How it started
NHS 'repeatedly warned' of cyber-attack
The Europol chief said his agency was working with the US Federal Bureau of Investigation to find those responsible, and that more than one person was likely to be involved.
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency, experts have said.
After taking computers over, it displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.
Microsoft released security updates last month to address the vulnerability, with another patch released on Friday.
The UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".
MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.
The 22-year-old told the BBC it was very important for people to patch their systems as soon as possible.
He told the BBC the act was "unprecedented in its scale" and warned more people could find themselves affected on Monday morning.
The virus took control of users' files, demanding payments; Russia and the UK were among the worst-hit countries.
Experts say another attack could be imminent and have warned people to ensure their security is up to date.
Mr Wainwright said that the ransomware was being combined with a worm application allowing the "infection of one computer to quickly spread across the networks".
He added: "That's why we're seeing these numbers increasing all the time."
'Patch before Monday'
Although a temporary fix earlier slowed the infection rate, the attackers had now released a new version of the ransomware, he said.
Companies need to make sure they have updated their systems and "patched where they should" before staff arrived for work on Monday morning, the EU law enforcement agency head said.
In England, 48 National Health Service (NHS) trusts reported problems at hospitals, GP surgeries or pharmacies, and 13 NHS organisations in Scotland were also affected.
What occurred was an "indiscriminate attack across the world on multiple industries and services", Mr Wainwright said, including Germany's rail network Deutsche Bahn, Spanish telecommunications operator Telefonica, US logistics giant FedEx and Russia's interior ministry.
However, he said that so far "remarkably" few payments had been made by victims of the attack.
BBC analysis of three accounts linked with the global attack suggests the hackers have been paid the equivalent of £22,080.
Blogger halts ransomware 'by accident'
The ransomware causing chaos
Analysis: How it started
NHS 'repeatedly warned' of cyber-attack
The Europol chief said his agency was working with the US Federal Bureau of Investigation to find those responsible, and that more than one person was likely to be involved.
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency, experts have said.
After taking computers over, it displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.
Microsoft released security updates last month to address the vulnerability, with another patch released on Friday.
The UK security researcher known as "MalwareTech", who helped to limit the ransomware attack, predicted "another one coming... quite likely on Monday".
MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.
The 22-year-old told the BBC it was very important for people to patch their systems as soon as possible.
Emmanuel Macron proclaimed France's next president
Emmanuel Macron has been proclaimed France's new president at the Élysée Palace, a week after his resounding victory in last week's run-off poll.
Mr Macron, the country's youngest-ever elected president, has vowed to shake up the country's political order and reinvigorate its economy.
He beat the far-right candidate Marine Le Pen with 66% of the vote.
He takes over from François Hollande, whose five-year term was plagued by high unemployment figures.
The former investment banker had never contested an election before and only formed his centrist political movement a year ago.
Mr Macron, the country's youngest-ever elected president, has vowed to shake up the country's political order and reinvigorate its economy.
He beat the far-right candidate Marine Le Pen with 66% of the vote.
He takes over from François Hollande, whose five-year term was plagued by high unemployment figures.
The former investment banker had never contested an election before and only formed his centrist political movement a year ago.
Tight security was in place across Paris for the ceremony at the president's official residence, with hundreds of extra police on patrol.
Live updates from the ceremony
France has been under a state of emergency since terror attacks in 2015 and a large section of the city centre was closed to traffic all morning.
Live updates from the ceremony
France has been under a state of emergency since terror attacks in 2015 and a large section of the city centre was closed to traffic all morning.
Former NHS hacker: I gained access in less than an hour
A hacker who cracked into an NHS website three months ago has said it took him less than an hour to get through the out-of-date security.
Speaking exclusively to Sky News on the condition of anonymity, the teenager described the defences protecting the confidential details of thousands of patients as "vulnerable to basic attacks that have been around for years".
It comes as NHS security is being criticised for being susceptible to the widespread "ransomware" attack that is still causing problems in hospitals.
Barts Health NHS Trust, the largest NHS trust in the country, has said it was continuing to experience IT disruption, leading to delays and cancellations for patients.
It has advised the public to use other NHS services where possible.
A cyber security expert has also told Sky News there is "no reason" why the hackers would not launch another attack and warned: "It's going to be another tough week".
The huge hack also targeted organisations and companies worldwide, with up to 99 countries possibly affected, according to some researchers.
It is believed to be the biggest attack of its kind.
The hacker said he could have asked for a ransom when he gained access to the NHS database but, on this occasion, he got in touch with the administrator to offer his help.
"At the time, the NHS was under a lot of controversy in the media as some areas had been victim to state-sponsored hacking so I thought I would try and help them.
"It took me less than an hour to find the first vulnerability and the second one I found was extremely serious.
"I had access to anything on the server - patient records or virtually anything that was hosted on that server."
:: Accidental hero finds virus 'kill switch'
Sky News has seen the email chain between the hacker and NHS administrator whom he helped to fix the issue.
It took around 12 hours for the NHS administrator to respond to the initial whistleblowing email and a further three hours for the hole in the system to be patched with the guidance of the hacker.
Although NHS web systems are overseen by NHS Digital, all trusts are responsible for their own IT systems and security.
The website that was hacked months ago is an affiliate of one of the NHS trusts that was badly affected by the weekend's cyberattack. It's unclear if the website itself was compromised again.
Speaking about the current large-scale attack, the hacker says the timing of the launch could give us clues as to what the culprits are like.
:: Strike gives glimpse of 'cyber-apocalypse'
The untraceable crypto-currency Bitcoin was at a near all-time high when the criminals launched their ransomware, which implies an element of planning. However, the hackers did not ask for their payment in Bitcoin, but US dollars.
"I think (it shows) a lack of understanding from them. It doesn't make sense why they would do that because if they were after money then it would have made a lot more sense to demand the payment in actual Bitcoin."
The hacker also said the attack has angered many in his community and could explain why so many have given up their time to fight back and try to stop the virus spreading.
"I think it's extremely dangerous what they've done," he said. "They're putting people's lives at risk. It's just sad really."
Speaking to Sky News, Dr Markus Jakobsson, chief scientist at the cyber security firm Agari, said the malware strike had been shut off "temporarily", but added: "There is no reason why the attacker won't come back and decide to pull another one on us all.
"It's going to be another tough week I think."
He stressed the importance of organisations taking action to safeguard their data.
Dr Jakobsson said: "There's absolutely no excuse for any business not to have up to date systems. This is critical."
He added: "The real problem is that there's the human factor.
People are making mistakes. Whether it's about not patching things like in this situation or clicking on things in emails.
"And the attackers know this very well and they take advantage of it in a very clever way.
"Psychology is against us in a sense."
He went on: "This is a watershed event and we need to fear what this will do to the trust of the infrastructure."
Speaking exclusively to Sky News on the condition of anonymity, the teenager described the defences protecting the confidential details of thousands of patients as "vulnerable to basic attacks that have been around for years".
It comes as NHS security is being criticised for being susceptible to the widespread "ransomware" attack that is still causing problems in hospitals.
Barts Health NHS Trust, the largest NHS trust in the country, has said it was continuing to experience IT disruption, leading to delays and cancellations for patients.
It has advised the public to use other NHS services where possible.
A cyber security expert has also told Sky News there is "no reason" why the hackers would not launch another attack and warned: "It's going to be another tough week".
The huge hack also targeted organisations and companies worldwide, with up to 99 countries possibly affected, according to some researchers.
It is believed to be the biggest attack of its kind.
The hacker said he could have asked for a ransom when he gained access to the NHS database but, on this occasion, he got in touch with the administrator to offer his help.
"At the time, the NHS was under a lot of controversy in the media as some areas had been victim to state-sponsored hacking so I thought I would try and help them.
"It took me less than an hour to find the first vulnerability and the second one I found was extremely serious.
"I had access to anything on the server - patient records or virtually anything that was hosted on that server."
:: Accidental hero finds virus 'kill switch'
Sky News has seen the email chain between the hacker and NHS administrator whom he helped to fix the issue.
It took around 12 hours for the NHS administrator to respond to the initial whistleblowing email and a further three hours for the hole in the system to be patched with the guidance of the hacker.
Although NHS web systems are overseen by NHS Digital, all trusts are responsible for their own IT systems and security.
The website that was hacked months ago is an affiliate of one of the NHS trusts that was badly affected by the weekend's cyberattack. It's unclear if the website itself was compromised again.
Speaking about the current large-scale attack, the hacker says the timing of the launch could give us clues as to what the culprits are like.
:: Strike gives glimpse of 'cyber-apocalypse'
The untraceable crypto-currency Bitcoin was at a near all-time high when the criminals launched their ransomware, which implies an element of planning. However, the hackers did not ask for their payment in Bitcoin, but US dollars.
"I think (it shows) a lack of understanding from them. It doesn't make sense why they would do that because if they were after money then it would have made a lot more sense to demand the payment in actual Bitcoin."
The hacker also said the attack has angered many in his community and could explain why so many have given up their time to fight back and try to stop the virus spreading.
"I think it's extremely dangerous what they've done," he said. "They're putting people's lives at risk. It's just sad really."
Speaking to Sky News, Dr Markus Jakobsson, chief scientist at the cyber security firm Agari, said the malware strike had been shut off "temporarily", but added: "There is no reason why the attacker won't come back and decide to pull another one on us all.
"It's going to be another tough week I think."
He stressed the importance of organisations taking action to safeguard their data.
Dr Jakobsson said: "There's absolutely no excuse for any business not to have up to date systems. This is critical."
He added: "The real problem is that there's the human factor.
People are making mistakes. Whether it's about not patching things like in this situation or clicking on things in emails.
"And the attackers know this very well and they take advantage of it in a very clever way.
"Psychology is against us in a sense."
He went on: "This is a watershed event and we need to fear what this will do to the trust of the infrastructure."
Mummies found in Egypt ancient burial site
Egyptian archaeologists have discovered an ancient burial site holding at least 17 mummies, most of them fully intact, which could date back two millennia.
The funerary site also includes six sarcophagi, two clay coffins, two papyri written in demotic script as well as a number of vessels, according to the antiquities ministry.
It was uncovered eight metres below ground in the Touna-Gabal district of Minya, a province about 250 km (150 miles) south of Cairo.
The mummies were elaborately preserved, therefore likely belong to officials and priests.
Work at the site, which is close to an ancient animal cemetery, is only at a preliminary stage, so the discovery could be much bigger.
As many as 32 mummies may be in the chamber, including mummies of women, children and infants, said Salah al Kholi, a Cairo University Egyptology professor who led the mission.
The mummies have not yet been dated but are believed to date to Egypt's Greco-Roman period, a roughly 600-year span that followed the country's conquest by Alexander the Great in 332 BC, the researchers said.
Egypt hopes that recent discoveries can help revive its crucial tourism sector, which was hit hard by political turmoil since the 2011 uprising.
Archaeologists have excavated a slew of relics in recent months that include a nobleman's tomb from more than 3,000 years ago; 12 cemeteries that date back about 3,500 years; and a giant colossus believed to depict King Psammetich I, who ruled from 664 to 610 BC.
The funerary site also includes six sarcophagi, two clay coffins, two papyri written in demotic script as well as a number of vessels, according to the antiquities ministry.
It was uncovered eight metres below ground in the Touna-Gabal district of Minya, a province about 250 km (150 miles) south of Cairo.
The mummies were elaborately preserved, therefore likely belong to officials and priests.
Work at the site, which is close to an ancient animal cemetery, is only at a preliminary stage, so the discovery could be much bigger.
As many as 32 mummies may be in the chamber, including mummies of women, children and infants, said Salah al Kholi, a Cairo University Egyptology professor who led the mission.
The mummies have not yet been dated but are believed to date to Egypt's Greco-Roman period, a roughly 600-year span that followed the country's conquest by Alexander the Great in 332 BC, the researchers said.
Egypt hopes that recent discoveries can help revive its crucial tourism sector, which was hit hard by political turmoil since the 2011 uprising.
Archaeologists have excavated a slew of relics in recent months that include a nobleman's tomb from more than 3,000 years ago; 12 cemeteries that date back about 3,500 years; and a giant colossus believed to depict King Psammetich I, who ruled from 664 to 610 BC.
Subscribe to:
Posts (Atom)