Fox News: After NSA tool used in Petya cyberattack, congressman urges agency to thwart malware

June 29, 2017
In The News

Democratic Congressman Ted Lieu wants the National Security Agency to stop the crippling Petya ransomware from spreading, if it can.

Petya sparked mass disruption after it emerged Tuesday. The first infections were seen in Ukraine, where Petya attacked 12,500 computers, according to Microsoft. The ransomware subsequently spread to 64 other countries, including Russia, Germany and the U.S. 

In a letter sent to NSA Director Adm. Mike Rogers, Lieu highlighted the suspected role of leaked NSA code in the ransomware attack. “My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help stop the attack, then NSA should immediately disclose it,” Lieu wrote in the letter. “If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.”

“Given the ongoing threat, I urge NSA to continue actively working with companies like Microsoft to notify them of software vulnerabilities of which the Agency is aware,” Lieu added. “ I also urge the NSA to disclose to Microsoft and other entities what it knows that can help prevent future attacks based on malware created by the NSA.”

Experts have reported that latest round of ransomware harnesses the same NSA-developed EternalBlue Windows exploit as the WannaCry ransomware that wreaked havoc across the globe last month. This raises the possibility that the latest round of digital chaos is spreading using U.S. taxpayer-funded tools.

Security experts say that a digital "vaccine" can protect individual computers from the crippling Petya ransomware. However, experts have not yet found the so-called “kill switch” that would completely stop the ransomware attack.

Microsoft issued a patch for EternalBlue in March, although security researchers say that Petya highlights that many organizations have not addressed the vulnerabilities in their IT systems.

Citing various reports, Lieu noted that the global Petya and WannaCry ransomware attacks likely occurred because the NSA’s hacking tools were released to the public by a shadowy organization called the Shadow Brokers.

On Wednesday, the mysterious Shadow Brokers group re-emerged to taunt the NSA. The group, which has spent nearly a year publishing some of the American intelligence community's most closely guarded secrets, posted a new message to the user-driven news service Steemit carrying new threats, a new money-making scheme and nudge-nudge references to the ransomware explosion that caused disruption from Pennsylvania to Tasmania.

"Another global cyber attack is fitting end for first month of theshadowbrokers dump service," the group said, referring to a subscription service which purportedly offers hackers early access to some of the digital NSA's break-in tools. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"

Corey Thomas, CEO of cybersecurity specialist Rapid7, warns that yet more powerful cyber threats are likely to emerge. “In general, combined with the Shadow Brokers release, I think you’re going to continue to see people take creative approaches to leverage a new set of compromising techniques or vulnerabilities,” he said in an interview with Fox News.