Ransomware hack fallout far from over Global rush to fix computers
TECHNICAL staff scrambled yesterday to patch computers and restore infected ones, amid fears that a ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc today when employees log back on.
Cybersecurity experts said the spread of the virus dubbed WannaCry – “ransomware” that locked more than 100 000 computers – had slowed, but the respite might only be brief.
New versions of the worm were expected, they said, and the extent of the damage from Friday’s attack remained unclear.
Marin Ivezic, cybersecurity partner at PwC, said some clients had been “working around the clock” to restore systems and install software updates, or patches, or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
The code for exploiting that bug, known as “Eternal Blue”, was released on the internet in March by a hacking group known as the Shadow Brokers.
The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.
Hong Kong-based Ivezic said the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching”. He declined to identify which clients had been affected.
The head of the EU police agency said yesterday the cyber assault hit 200 000 victims in at least 150 countries and that number would grow when people returned to work today.
“The global reach is unprecedented… and among the victims count businesses, including large corporations,” said Europol director Rob Wainwright.
“At the moment, we face an escalating threat.
“The numbers are going up. I am worried about how the numbers will continue to grow when people go back to work and turn (on) their machines.”
Today was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.
“Expect to hear a lot more when users are back in their offices and might fall for phishing e-mails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
Targets large and small have been hit.
Renault said it had halted manufacturing at plants in France and Romania to prevent the spread of ransomware in its systems. Among the other victims is a Nissan manufacturing plant in Sunderland, England.
Hundreds of hospitals and clinics in the British National Health Service were infected on Friday, forcing them to send patients to other facilities.
German rail operator Deutsche Bahn said some electronic signs at stations announcing arrivals and departures were infected.
In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.
Telecommunications company Telefonica was among the targets in Spain. Portugal Telecom and Telefonica Argentina were both targeted.
A Jakarta hospital said the cyber virus had infected 400 computers. It expected big queues today when about 500 people were due to register.
In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician’s error had led to 12 kiosks being infected in two malls. The systems were not connected to the malls’ or tenants’ networks.