RANSOMWARE THREAT LINGERS
Spread of WannaCry has slowed but experts warn of new virus versions
SINGAPORE/TORONTO
TECHNICAL staff scrambled yesterday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc today when employees log back on.
The spread of the virus dubbed WannaCry — “ransomware” which locked up more than 100,000 computers — had slowed, said cybersecurity experts, but they warned that the respite might be brief.
New versions of the worm are expected and the extent of the damage from Friday’s attack was still unclear.
PwC cybersecurity partner Marin Ivezic said some had been “working around the clock” to restore systems and install software updates, or patches, or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as “Eternal Blue”, was released on the Internet in March by a hacking group known as the Shadow Brokers.
Hong Kong-based Ivezic said the ransomware was forcing some more “mature” clients to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching which is causing inconvenience”.
Today is expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as firms and organisations turn on their computers.
“Expect to hear a lot more about this in the morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm might propagate, said Singapore-based security researcher Christian Karam.
Targets both large and small have been hit. Renault on Saturday said it had halted manufacturing at plants in Sandouville and Romania to prevent the spread.
Among the other victims is a Nissan plant in Sunderland, northeast England. Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.
German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.
FedEx Corp said some Windows computers were breached.
Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.
A Jakarta hospital said the cyber virus had infected 400 computers, disrupting the registration and records of patients.
In Singapore, digital signage supplier MediaOnline was rushing to fix its systems after a technician’s error had led to 12 kiosks being infected in two malls.
Symantec predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Reuters