Ransomware attack: Brace for Monday, experts warn after cyber worm affects 2 lakh victims in 150 countries
“Expect to hear a lot more about this Monday morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, a Singapore-based security researcher said.
An unprecedented ransomware attack has hit 200,000 victims in at least 150 countries and that number could grow when people return to work on Monday, the head of the European Union’s police agency said on Sunday.
Cyber security experts say the spread of the virus dubbed WannaCry - “ransomware” which locked up computers in car factories, hospitals, shops and schools in several countries - has slowed, but that any respite might be brief.
Europol Director Rob Wainwright told ITV’s Peston on Sunday programme the attack was unique in that the ransomware was used in combination with “a worm functionality” so the infection spread automatically.
“The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations,” he said.
“At the moment, we are in the face of an escalating threat. The numbers are going up; I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning.”
He said Europol and other agencies did not yet know who was behind the attack but “normally it is criminally minded and that is our first working theory for obvious reasons”.
“Of course there are amounts that are being demanded, in this case relatively small amounts - $300 rising to $600 if you don’t pay within three days,” he said.
“(There have been) remarkably few payments so far that we’ve noticed as we are tracking this, so most people are not paying this, so there isn’t a lot of money being made by criminal organisations so far.”
Wainwright said Europol had been concerned about cyber security in the healthcare sector, which deals with a lot of sensitive data, but declined to comment on whether Britain’s National Health Service had been adequately funded.
Defence minister Michael Fallon told the BBC the government under Prime Minister Theresa May was spending around 50 million pounds on improving the computer systems in the NHS after warning the service that it needed to reduce its exposure to “the weakest system, the Windows XP”.
“The NHS was not particularly targeted. There were the same attacks applied to Nissan on Friday and in other areas of the economy and indeed around the world,” Fallon said.
“But let me just assure you, we are spending money on strengthening the cyber defence of our hospital system.”
In India, a red-coloured ‘critical alert’ has been issued by the Computer Emergency Response Team (CERT-In), the nodal agency that combats hacking and phishing and fortifies the security-related defences of the Indian Internet domain.
Monday morning rush
Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.
“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
Symantec, a cybersecurity company, forecast infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise.
Governments and private security firms said on Saturday that they expected hackers to tweak the malicious code used in Friday’s attack, restoring the ability to self-replicate.
“This particular attack was relatively easy to shut down,” said Bryce Boland, Asia Pacific chief technology officer for FireEye, a cybersecurity company.
But he said it would be straightforward for the existing attackers to launch new releases or for other ransomware authors to start copying the way the malware replicated.
The US government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report any to the Federal Bureau of Investigation or Department of Homeland Security.