World & Canada News - June 29, 2017

In the World

'It's like Wanna Cry all over again': New ransom ware attack infects computers around the world

Victims include hospitals, government offices and major corporations, from Ukraine to U.S.

The Associated Press/June 27, 2017 

A new and highly virulent outbreak of ransomware - apparently sown in Ukraine - caused disruption across the world Tuesday. Following a similar attack in May, the fresh cyber-assault paralyzed some hospitals, government offices and major multinational corporations in a dramatic demonstration of how easily malicious programs can bring daily life to a halt.

Ukraine and Russia appeared hardest hit by the new strain of ransomware - malicious software that locks up computer files with all-but-unbreakable encryption and then demands a ransom for its release. In the United States, the malware affected companies such as the drugmaker Merck and Mondelez International, the owner of food brands such as Oreo and Nabisco.

Its pace appeared to slow as the day wore on, in part because the malware appeared to require direct contact between computer networks, a factor that may have limited its spread in regions with fewer connections to Ukraine.

The malware's origins remain unclear. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using U.S. taxpayer-funded tools.

"The virus is spreading all over Europe and I'm afraid it can harm the whole world," said Victor Zhora, the chief executive of Infosafe IT in Kyiv, where reports of the malicious software first emerged early afternoon local time Tuesday.

In Ukraine, victims included top-level government offices, where officials posted photos of darkened computer screens, as well as energy companies, banks, cash machines, gas stations and supermarkets. Ukrainian Railways and the communications company Ukrtelecom were among major enterprises hit, Infrastructure Minister Volodymyr Omelyan said in a Facebook post.

The virus hit the radiation-monitoring at Ukraine's shuttered Chornobyl power plant, site of the world's worst nuclear accident, forcing it into manual operation.

Multinational companies, including the global law firm DLA Piper and Danish shipping giant A.P. Moller-Maersk were also affected, although the firms didn't specify the extent of the damage.

Ukraine bore brunt of attacks but U.S. also hit

Ukraine bore the brunt with more than 60 per cent of the attacks, followed by Russia with more than 30 per cent, according to initial findings by researchers at the cybersecurity firm Kaspersky Lab. It listed Poland, Italy and Germany, in that order, as the next-worst affected.

In the U.S, two hospitals in western Pennsylvania were hit; patients reported on social media that some surgeries had to be rescheduled. A spokesperson for Heritage Valley Health System would say only that operational changes had to be made. 

Security experts said Tuesday's global cyberattack shares something in common with last month's outbreak of ransomware, dubbed WannaCry . Both spread using digital lock picks originally created by the NSA and later published to the web by a still-mysterious group known as the Shadowbrokers.

Security vendors including Bitdefender and Kaspersky said the NSA exploit, known as EternalBlue, lets malware spread rapidly across internal networks at companies and other large organizations. Microsoft issued a security fix in March, but Chris Wysopal, chief technology officer at the security firm Veracode, said it would only be effective if every single computer on a network were patched - otherwise, a single infected machine could infect all others.

"Once activated, the virus can automatically and freely distribute itself on your network," Ukraine's cyberpolice tweeted.

Self-spreading software like a contagious disease

Bogdan Botezatu, an analyst with Bitdefender, compared such self-spreading software to a contagious disease. "It's like somebody sneezing into a train full of people," he said.

Ryan Kalember, a security expert at Proofpoint, said one reason the attacks appeared to be slowing down was that the ransomware appears to spread only when a direct contact exists between two networks - such as when a global company's Ukraine office interacts with headquarters.

But once it hits a computer on a network, it spreads quickly, even among computers that have applied the fix for the NSA exploit.

"It's more harmful to the organization that it affects, but because it's not randomly spreading over the internet like WannaCry, it's somewhat contained to the organizations that were connected to each other," Kalember said.

$300 in bitcoin demanded

Botezatu said the new program appeared nearly identical to GoldenEye, a variant of a known family of hostage-taking programs known as "Petya." It demanded $300 in bitcoin.

Unlike typical ransomware, which merely scrambles personal data files, the program wreaking havoc Tuesday overwrites a computer's master boot record, making it tougher to restore even a machine that has been backed up, said Kalember.

It may have first spread through a rogue update to a piece of Ukrainian accounting software called MEDoc, according to tweets by the country's cyberpolice unit. It said a rogue update seeded the infection across Ukraine. In a lengthy statement posted to Facebook, MEDoc acknowledged having been hacked.

The motives of those behind the malware remain unknown. Ukraine has been a persistent target of pro-Russian hackers, who are blamed for twice shutting down large swaths of its power grid in the dead of winter and sabotaging its elections system in a bid to disrupt May 2014 national elections.

In an interview with CBC News, cybersecurity expert Mark Rasch said, "This could have been a targeted attack at, say, ... Ukraine, or particular infrastructure, that simply got away from the author and now has all these secondary consequences."

Rasch said to expect more of these kinds of cyberattacks in the future. "The problem here is this - the tools that we developed to be able to protect ourselves, like encrypts of our data so nobody can read it, can then be used against us by the bad guys who will encrypt our data so we can't read it."

Emails sent Tuesday to an address posted to the bottom of ransom demands went unreturned. That might be because the email provider hosting that address, Berlin-based Posteo, pulled the plug on the account before the infection became widely known.

In an email, a Posteo representative said it had blocked the email address "immediately" after learning that it was associated with ransomware. The company added that it was in contact with German authorities "to make sure that we react properly."

And in Canada

Trevor Redmond is taking his 22,000-km journey across Canada one step at a time

By Alexander Quon Online Producer/Reporter/Global News/June 27, 2017

Most people wouldn’t imagine walking across Canada even if they were in perfect health, but for Trevor Redmond it’s almost become a way of life.

Later this week he’ll embark on a 22,000-kilometre journey across Canada despite being struck by a car at the age of 15. He was left with injuries that should’ve left him incapable of walking without assistance.

“They said I’d be using a cane to maneuver for the rest of my life with,” said the 46-year-old Nova Scotia-born traveller. “Instead, I’m about to put more kilometers on my leg.”

Redmond, who now lives in Calgary, is hoping to inspire all Canadians to move and grow. On the way, he’ll be raising funds and awareness for Brigadoon Village - a non-profit facility for children living with chronic illness.

While he is a veteran of traversing Canada - having walked 11,421 kilometres across Canada in 2006 and bicycled 14,632 kilometres in 2009 - Redmond says that he’s determined to visit more rural and underserved communities in Canada.

“I’m not sure how many more trips I’m going to be able to take,” he said.

Redmond will be starting off on his journey from G.R. Saunders Elementary school in Stellarton, N.S., on Canada’s 150th birthday.

He said it’s the perfect place for him for his journey to begin and end. The school is near Pleasant Street, something that he hopes will translate to the long road ahead of him.

It’ll take about 850 days to complete the round trip. If everything goes according to plan he should arrive in Vancouver, B.C., in late 2018 before turning around and heading back to Stellarton.

When Redmond leaves he’ll take part in Stellarton’s Canada Day parade before continuing on his journey. He says the support he gets from the people he meets on the way is what keeps him going.

“I can say for at least the first half of the day [of the trip] I don’t think I’ll be lonely,” he said. “I think that event will carry me onwards … to where there will be more people who can see me go forward.”