World braces for cyberbug
SINGAPORE/TORONTO: The ransomware worm that stopped car factories, hospitals, shops and schools over the weekend could wreak fresh havoc on Monday when employees log back on, cyber security experts warned.
The spread of the virus ‘WannaCry’, which locked up more than 100,000 computers, had slowed on Sunday, but new versions of the worm were expected even while the world was yet to take stock of the extent of damage from Friday’s attack.
Marin Ivezic, cybersecurity partner at PwC, said some clients had been “working around the clock since the story broke” to restore systems and install software updates or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.
Code for exploiting that bug, known as “Eternal Blue,” was released in March by a hacking group known as the Shadow Brokers.
The group claimed it was stolen from a repository of National Security Agency hacking tools.
The agency has not responded to requests for comment.
The US cybersecurity researcher who helped halt the WannaCry attack, Darien Huss, said on Sunday that it wouldn’t be difficult for those responsible to re-release it or for others to mimic it — and this time it would not be reined in.
“This particular attack was relatively easy to shut down,” agreed Bryce Boland, Asia Pacific chief technology officer for FireEye.
MONDAY MORNING RUSH?
Monday is expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turn on their computers.
Some of the world’s largest institutions and government agencies have been affected so far, including the Russian interior ministry, FedEx in the US and Britain’s National Health Service.
Other major hits included automaker Renault and its arm Dacia, the Nissan plant in northeast England, German rail operator Deutsche Bahn, Spain’s telecom giant Telefonica, Portugal Telecom and Telefonica Argentina, and a hospital in Jakarta that cautioned of big queues on Monday when about 500 people were due to register.
Cybersecurity company Symantec predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks.
Ransoms paid amount to tens of thousands of dollars, one analyst said, but it is generally predicted to surge when the deadline to pay the ransom approaches, and people start paying up once news spreads that payment solves the problem. One estimate put it as high as a billion dollars, but till Saturday, some $33,000 had been paid into the several bitcoin accounts associated with the ransomware, according to Elliptic, a company that tracks online financial transactions involving virtual currencies
The US government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the FBI.