Cyberattack wave ebbs; experts see risk of more
LONDON: The “ransomware” cyberattack that hit companies and governments around the world ebbed in intensity on Monday, though experts warned that new versions of the virus could emerge.
Thousands more infections were reported Monday, largely in Asia, which had been closed for business when the malware first struck on Friday. The cases were more contained, however, than the systemic outbreak that last week paralyzed computers running factories, banks, government agencies and transport systems around the world. Many of the 200,000 victims in more than 150 countries were still struggling to recover from the first attack of the socalled “WannaCry” virus.
Carmaker Renault said one of its French plants, which employs 3,500 people, did not reopen on Monday as a “preventative step.”
Britain’s National Health Service (NHS) said about a fifth of NHS trusts were hit by the attack on Friday, leading to thousands of canceled appointments and operations. Seven of the 47 affected trusts were still having IT problems on Monday. As cybersecurity firms worked around the clock to monitor the situation and install a software patch, new variants of the rapidly replicating malware were discovered on Sunday. One did not include the so-called kill switch that allowed researchers to interrupt the malware’s spread by diverting it to a dead end on the Internet.
Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding a ransom to unlock files but other more malicious ones will likely pop up.
Lynne Owens, director-general of Britain’s National Crime Agency (NCA), said there was no indication of a second surge of the cyberattack. “But that does not mean there won’t be one.”
On Monday, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices.
In Japan, 2,000 computers at 600 locations were reported to have been affected. Companies including Hitachi and Nissan Motor Co. reported problems but said they had not seriously affected their operations. In Indonesia, the malware locked patient files on computers in two hospitals in the capital, Jakarta, causing delays.
In Britain, the government denied allegations that lax cybersecurity in the financially stretched, state-funded health service had helped the attack spread.
Experts urged organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware — or to future versions that cannot be stopped.
The attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.
Microsoft distributed a patch two months ago that protected computers from such an attack but in many organizations, it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage.