Log in, look out: Cyberattack havoc may grow at week’s start
‘Escalating threat’ has hit 200,000 victims since Friday
LONDON — Employees booting up computers at work today could see red as they discover they’re victims of a global “ransomware” cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.
While a loose global network of cybersecurity experts fought a rearguard battle against ransomware hackers, officials and experts on Sunday urged organizations and companies to update operating systems immediately to ensure they aren’t vulnerable to a second, more powerful version of the software — or to future versions that can’t be stopped.
The initial attack, known as “WannaCry,” paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme ever recorded.
At least two variants of the rapidly replicating worm were discovered Sunday, and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet.
Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the version without a kill switch was able to spread but was benign because it contained a flaw that wouldn’t allow it to take over a computer and demand ransom to unlock files. However, he said it’s only a matter of time before a malevolent version exists.
“I still expect another to pop up and be fully operational,” Kalember said. “We haven’t fully dodged this bullet at all until we’re patched against the vulnerability itself.”
The attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.
It hit 200,000 victims across the world since Friday and is seen as an “escalating threat,” said Rob Wainwright, the head of Europol, Europe’s policing agency.
The effects were felt around the globe, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S. Britain’s National Health Service was hit hard, while Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported disruptions.
Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.
The full extent of the attack won’t become fully clear until today, when millions of workers return to the office for the first time after the attacks. By going online, they will open more avenues to spread the malicious software.
It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth said.
Businesses, government agencies and other organizations were urged to quickly implement a patch released by Microsoft Corp. The ransomware exploits older versions of Microsoft’s operating system software, such as Windows XP.
Installing the patch is one way to secure computers against the virus. The other is to disable a type of software that connects computers to printers and faxes, which the virus exploits.