Sun Sentinel Palm Beach Edition
Global cyberattack could grow worse
Officials worry “ransomware” will infect more vulnerable computers.
LONDON — An unprecedented “ransomware” cyberattack that has already hit tens of thousands of victims in 150 countries could wreak greater havoc as more malicious variations appear and people return to their desks Monday and power up computers at the start of the workweek.
As a loose global network of cybersecurity experts battled ransomware hackers, officials on Sunday urged organizations and companies to update operating systems immediately to ensure they aren’t vulnerable to a more powerful version of the software or to future versions.
The initial ransomware attack, known as “WannaCry,” paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme ever recorded.
It hit 200,000 victims across the world since Friday and is seen as an “escalating threat,” said Rob Wainwright, the head of Europol, Europe’s policing agency.
“The numbers are still going up,” Wainwright said. “We’ve seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released.”
At least two variants of the rapidly replicating worm were discovered Sunday, and one did not include the so-called kill switch that allowed researchers to interrupt its spread by diverting it to a dead end on the internet.
Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch was able to spread but that it contained a flaw that wouldn’t allow it to take over a computer and demand ransom to unlock files. However, he said it’s only a matter of time before a malevolent version exists.
“I still expect another to pop up and be fully operational,” Kalember said. “We haven’t fully dodged this bullet at all until we’re patched against the vulnerability itself.”
The attack held users hostage by freezing their computers, encrypting their data and demanding money through online bitcoin payment — $300 at first and increasing to $600 before it destroys files hours later.
It was too early to say who was behind the onslaught, which struck 100,000 organizations, and to establish any motivation aside from demand for money. So far, not many people have paid the ransom demanded by the malware, said Europol spokesman Jan Op Gen Oorth.
The effects were felt around the globe, disrupting computers that run factories, banks, government agencies and transport systems in nations including Russia, Ukraine, Brazil, Spain, India and the U.S. Britain’s National Health Service was hit hard, while Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported disruptions.
Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.
Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock during the weekend to monitor the situation and install a software patch in corporations across the U.S., Europe and Asia that would block the worm from infecting computers.
Businesses, government agencies and other organizations were urged to implement a patch released by Microsoft Corp. The ransomware exploits older versions of Microsoft’s operating system software, such as Windows XP.
Microsoft distributed a patch that could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporate and government IT departments strain to manage.