Beware world
Cyberattack hero warns of a second wave
THE 22-YEAR-OLD British computer nerd who stopped a historic global cyberattack warned Sunday that a second wave of more malicious software is on the horizon.
The tech whiz — known by his Twitter handle, MalwareTech — tweeted that “version 2.0” of the ransom software “will likely remove the flaw” that allowed him to disable the wave of infections that began Friday.
The malware encrypts users’ files and demands a ransom of $300 to $600 in Bitcoin to unlock it. At least 200,000 computers in more than 150 countries have been infected, according to the European Union’s police agency, Europol.
The savvy techie was able to halt the malware by buying a web domain name that held the “kill switch” for the attack. By owning a URL appearing in the software’s code, he created what’s called a “sinkhole,” halting the infections from that version of the malware.
But Windows users should download the latest security updates as soon as possible, he said.
“One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible,” he warned.
The malicious software exploited a vulnerability in Windows, which was exposed through a leak of National Security Agency cyberweapons in April. Microsoft released a security update to fix the problem, but computers that haven’t installed the latest updates remain vulnerable.
Microsoft criticized the NSA’s practice of keeping vulnerabilities it discovers secret so spies can use them to the government’s advantage.
“This most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organized criminal action,” Brad Smith, Microsoft’s president and chief legal officer, said in a statement.
Experts feared that Monday — the start of the workweek — would reveal the attack was even worse than believed. Many office workers, especially in Asia, may return to work to find their computers infected, they said.
Variants of the malware, known as WanaCryptor 2.0 or WannaCry, have already begun appearing, as well.
“It really would not be so difficult for the actors behind this to re-release their code without a kill switch or with a better kill switch,” said Darien Huss, a 28-year-old research engineer who helped stop the attack.
The attack is believed to be the biggest online extortion ever recorded, disrupting services in nations as diverse as the U.S., Ukraine, Brazil, Spain and India.