RAN­SOMWARE THREAT LINGERS

Spread of Wan­naCry has slowed but ex­perts warn of new virus ver­sions

New Straits Times - - Business -

SIN­GA­PORE/TORONTO

TECH­NI­CAL staff scram­bled yes­ter­day to patch com­put­ers and re­store in­fected ones, amid fears that the ran­somware worm that stopped car fac­to­ries, hos­pi­tals, shops and schools could wreak fresh havoc to­day when em­ploy­ees log back on.

The spread of the virus dubbed Wan­naCry — “ran­somware” which locked up more than 100,000 com­put­ers — had slowed, said cy­berse­cu­rity ex­perts, but they warned that the respite might be brief.

New ver­sions of the worm are ex­pected and the ex­tent of the dam­age from Fri­day’s at­tack was still un­clear.

PwC cy­berse­cu­rity part­ner Marin Ivezic said some had been “work­ing around the clock” to re­store sys­tems and in­stall soft­ware up­dates, or patches, or re­store sys­tems from back­ups.

Mi­crosoft re­leased patches last month and on Fri­day to fix a vul­ner­a­bil­ity that al­lowed the worm to spread across net­works, a rare and pow­er­ful fea­ture that caused in­fec­tions to surge on Fri­day.

Code for ex­ploit­ing that bug, which is known as “Eter­nal Blue”, was re­leased on the In­ter­net in March by a hack­ing group known as the Shadow Bro­kers.

Hong Kong-based Ivezic said the ran­somware was forc­ing some more “ma­ture” clients to aban­don their usual cau­tious test­ing of patches “to do un­sched­uled down­time and ur­gent patch­ing which is caus­ing in­con­ve­nience”.

To­day is ex­pected to be a busy day, es­pe­cially in Asia, which may not have seen the worst of the im­pact yet, as firms and or­gan­i­sa­tions turn on their com­put­ers.

“Ex­pect to hear a lot more about this in the morn­ing when users are back in their of­fices and might fall for phish­ing emails” or other as yet un­con­firmed ways the worm might prop­a­gate, said Sin­ga­pore-based se­cu­rity re­searcher Chris­tian Karam.

Tar­gets both large and small have been hit. Re­nault on Satur­day said it had halted man­u­fac­tur­ing at San­dou­ville and Ro­ma­nia plants to pre­vent the spread.

Among the other vic­tims is a Nissan plant in Sun­der­land, north­east Eng­land. Hun­dreds of hos­pi­tals and clin­ics in the Bri­tish Na­tional Health Ser­vice were in­fected on Fri­day, forc­ing them to send pa­tients to other fa­cil­i­ties.

Ger­man rail op­er­a­tor Deutsche Bahn said some elec­tronic signs at sta­tions an­nounc­ing ar­rivals and depar­tures were in­fected.

FedEx Corp said some Win­dows com­put­ers were breached.

Tele­fon­ica was among the tar­gets in Spain. Por­tu­gal Tele­com and Tele­fon­ica Ar­gentina both said they were also tar­geted.

A Jakarta hospi­tal said the cy­ber virus had in­fected 400 com­put­ers, dis­rupt­ing the regis­tra­tion and records of pa­tients.

In Sin­ga­pore, a dig­i­tal sig­nage sup­plier Me­di­aOn­line was rush­ing to fix its sys­tems after a tech­ni­cian’s er­ror had led to 12 kiosks be­ing in­fected in two malls.

Sy­man­tec pre­dicted in­fec­tions so far would cost tens of mil­lions of dol­lars, mostly from clean­ing cor­po­rate net­works. Reuters

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.