Cyberattack havoc could grow as work week begins: Experts
LONDON — An unprecedented “ransomware” cyberattack that has already hit tens of thousands of victims in 150 countries could wreak even more havoc Monday as people return to their desks and power up their computers at the start of the work week.
Officials and experts on Sunday urged organizations and companies to update their operating systems immediately to ensure they aren’t vulnerable to a second, more powerful version of the malicious software. The cyberattack paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide.
The attack, already believed to be the biggest online extortion scheme ever recorded, is an “escalating threat” after hitting 200,000 victims across the world since Friday, according to the head of Europol, Europe’s policing agency.
“The numbers are still going up,” he said. “We’ve seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released.”
His concerns were echoed by James Clapper, former director of national intelligence under President Barack Obama. In an interview on ABC’s This Week, Clapper said the worry was “this ransomware attack will be even larger” as people return to their desks after the weekend.
The 200,000 victims included more than 100,000 organizations, Europol spokesman Jan Op Gen Oorth told The Associated Press. He said it was too early to say who was behind the onslaught and what their motivation was, aside from the obvious demand for money. So far, he said, not many people have paid the ransom demanded by the malware.
The attack held users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.
The effects were felt across the globe, with Britain’s National Health Service, Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reporting disruptions.
Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.
Had it not been for a young British cybersecurity researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster.
The 22-year-old researcher known as “MalwareTech,” who wanted to remain anonymous, said he spotted a hidden web address in the “WannaCry” code and made it official by registering its domain name. That move, which cost just $10.69, redirected the attacks to the server of Kryptos Logic, the security company where he works. The server operates as a “sinkhole” to collect information about malware — and in Friday’s case kept the malware from escaping.
While that quick thinking may have slowed the outbreak, MalwareTech said he was now looking into a possible second wave of attacks.
“It’s quite an easy change to make, to bypass the way we stopped it,” he told the AP.
Darien Huss, a 28-year-old research engineer who helped MalwareTech, agreed the threat was far from over.
“We could potentially see copycats mimic the delivery or exploit method they used,” he said.
Both joined security officials in urging organizations to protect themselves by installing security fixes right away, running antivirus software and backing up data elsewhere.
“Just patch their systems as soon as possible,” MalwareTech said. “It won’t be too late as long as they’re not infected. It should just be a case of making sure installing updates is enabled, installing the updates, and reboot.”
The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes. The NSA tools were stolen by hackers and dumped on the internet.