The so-called “ransomware” cyberattack that paralyzed computers at factories, banks, government agencies and transport systems in countries around the world has dropped in intensity today, although experts warn that new versions of the virus could emerge.
The cyberattack has hit at least 150 countries since Friday and infected 200,000 machines, according to European law enforcement agency Europol. The “WannaCry” worm locks users out of their computers and demands that victims pay hundreds of dollars to regain control of their information. Cybersecurity experts say the worm affects computers using Microsoft operating systems and takes advantage of a vulnerability in the software to spread the infection.
WannaCry is particularly malicious because it takes just one person clicking on an infected link or email attachment to cause the virus to spread to other machines on the same network. Infected computers are frozen and display a big message in red informing users, “Oops, your files have been encrypted!” and demanding about $300 in online bitcoin payment. Victims have only hours to pay the ransom, which rises to $600 before the files are destroyed.
Just who is behind the attack is still unknown. However, Europol warns that paying the ransom doesn’t guarantee that users will get everything back. And giving the hackers what they want proves the worm is effective, the agency said.
“As a result, cybercriminals will continue their activity and look for new ways to exploit systems that result in more infections and more money in their accounts,” Europol said in a statement.
The agency said Monday that “very few” people have paid the ransom. Experts say the attackers have made just over $51,000.
The cyberattack seems to have been stopped by an anonymous researcher who goes by the name “MalwareTech” and who found an unregistered domain name in the ransomware and bought it for $10.69. As the researcher explained in a blog post over the weekend, they then pointed the domain to a sinkhole, a server that collects and analyzes malware traffic. What they didn’t realize was that the domain was actually a kill switch—a way for someone to take control of the ransomware.
Experts now urge organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware. Microsoft distributed a patch two months ago that protected computers from such an attack, but many organizations may have missed it among other updates and patches.
In the meantime, as CNN reports, Microsoft’s top lawyer said Sunday that the ongoing cyberattacks, which experts call the largest in history, should be a “wake-up call” for governments—especially the U.S. Brad Smith, Microsoft’s chief legal officer, said Sunday in a blog post that Microsoft, its customers and the government all share the blame.
Smith said Microsoft has the “first responsibility” to address the problem. But he also placed fault on national governments. The security flaw that hackers used to launch the attacks Friday was made public after information was stolen from the U.S. National Security Agency, which routinely searches for flaws in software and builds tools to exploit them.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith posted, while adding that “repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.” Smith further wrote that “an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
The government isn’t legally bound to notify at-risk companies, and that’s wrong, Smith posted, before explaining that it is Microsoft’s position that cyberattack protection is a “shared responsibility” between companies and customers. He said tech companies, customers and the government need to “work together” to protect against cyberattacks.
“More action is needed, and it’s needed now,” Smith posted.
What are your thoughts on ransomware attacks and their potential impact on supply chains? Do you believe tech firms, the government and private companies should work together to protect against future cyberattacks?