Workweek may bring a new cyber threat
Small businesses, hospitals at risk as virus may expand
USA TODAY
Computers shut down over the weekend may be harboring a virulent ransomware virus ready to attack Monday as a new workweek kicks in, officials warned.
A massive attack Friday from the “WannaCry” malware crippled more than 20% of hospitals in the United Kingdom and affected more than 200,000 victims in 150 countries, said Rob Wainwright, the head of the European Union’s “Europol” law enforcement agency. The software, which spreads among Windows computers, infects and then locks up individual machines, demanding a ransom to be paid in the electronic currency Bitcoin. The attack mostly affected computers in Europe and Asia and spared North America.
In some cases, hospital staff in England were forced to take notes with pens and paper and had to cancel or reschedule procedures because their computers weren’t working. Computers are often needed to control diagnostic or surgical equipment. Wainwright said banks have been unaffected because they invested heavily in computer security following previous attacks.
A computer security expert on Friday afternoon managed to blunt the attack, but Wainwright said the virus was changed over the weekend and could be poised to expand what he called an already “unprecedented” attack.
“It sends a very clear message, I think, that all sectors are vulnerable and all sectors should take seriously the need to run updated systems and patch when they can do that,” Wainwright told a British TV station Sunday.
Experts say hospitals and smaller businesses have been lax about updating their software and warn that failure to act endangers lives. Europol is sharing a tool to prevent further virus spread, but it could be too late for computers that are already infected but not yet switched on.
Monday could bring fresh problems as users restart their computers at the start of the workweek, especially if they haven’t been “patched” to remove the vulnerability the virus exploits.
American computers appeared unaffected, said Michael Daly, the chief technology officer of Raytheon Cybersecurity and Special Missions, largely because of more diligent protections.
“Gone are the days of simple annoyance with viruses and worms (like) flashing screens and website defacement,” he said. “With ransomware and other destructive malware, time is of the essence.”
At its core, the attack is an extortion scheme aimed at forcing hospitals and other organizations to pay a ransom to avoid having their data deleted. Infected computers showed a screen giving the user three days to pay up. After that, the price would be doubled. After seven days the files would be deleted, it threatened.
But ransom aside, the virus caused widespread problems for everything from transport facilities to universities across Europe and in Ukraine, India and Russia. The attack apparently exploited a flaw exposed in documents leaked from the U.S. National Security Agency.
What’s worse is that even though this specific flaw may have been “patched,” hackers may be able to use similar techniques to strike again, said Craig Williams of Cisco Talso, a San Jose, Calif.-based security firm. “I expect we’re going to see new variants roll out soon.”