Ransomware: Businesses brace for Monday as cyberattack threat lingers
15 May, 2017, 19:39
The attack has hit 200,000 victims across the world since Friday and is seen as an "escalating threat", said Rob Wainwright, the head of Europol, Europe's policing agency.
He said the Russian Federation and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used there.
Experts said it appeared that the ransomware had made just over $32,000, although they expected that number to pop when people went back into the office Monday.
"It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks", the UK's National Cyber Security Centre said in a statement.
Given the attack's widespread nature, even such a small sum would stack up quickly, though few victims seem to be paying up so far.
The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems.
The National Cyber Security Centre said that "as a new working week begins it is likely, in the United Kingdom and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale".
"We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits", Smith wrote. Payments were demanded for access to be restored.
The 22-year-old British cyber researcher who found the kill switch said he was now looking into a possible second wave of attacks. This attack has impacted many large services and organizations, including hospitals in England, a telecom and natural gas company in Spain, and FedEx. It has been suspected for some time now that the malware came from a cache of hacking tools reportedly stolen by hacking group Shadow Brokers from the NSA and leaked on the internet.
"The government has also taken additional security measures at public institutions, which include reinforcing their firewalls", he added.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem", Microsoft President and Chief Legal Officer Brad Smith said in a blog post on Sunday, comparing the recent leaks of NSA and Central Intelligence Agency hacking tools to, in the real world, the theft of cruise missiles.
Microsoft released a further patch on Friday in an attempt to stop the massive ransomware worm from spreading across networks.
Ransomware encrypts a computer hard drive and then demands an online payment for a key to unlock the data.