Monday blues: Damage may escalate; new ransomware attack possible, says Europol
The virus, which took control of users' files, spread to 100 countries, including India, the UK, Spain, France and Russia.
The “unprecedented” ransomware cyberattack has hit as many as 200,000 victims in over 150 countries, Europe’s leading security chief said on Sunday and warned of another “imminent attack”.
The countries, including India, were hit by what is believed to be the biggest-ever recorded cyberattack on Friday with investigators looking for those behind the hack that affected systems at banks, hospitals and government agencies globally, media reports said.
“At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning,” Europol Director Rob Wainwright said.
The threat was “escalating” as cyber experts warned that another attack was imminent in coming days, he said.
“The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries and those victims many of those will be businesses including large corporations,” Wainwright told ITV news channel.
U.K.’s NHS hit
Friday’s ransomware attack hit over 125,000 computer systems, with 48 National Health Service (NHS) trusts having to cancel appointment and operations. Patients of the state-funded countrywide service faced chaos as appointments and surgeries had to be cancelled.
The virus, which took control of users’ files, spread to 100 countries, including India, the UK, Spain, France and Russia.
Oliver Gower of the UK’s National Crime Agency said, “Cyber criminals may believe they are anonymous, but we will use all the tools at our disposal to bring them to justice.”
After taking computers over, the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.
BBC analysis of three accounts linked with the global attack suggests the hackers have already been paid the equivalent of £22,080 ($28,458).
Individuals and organisations were discouraged from paying the ransom, as it was not guaranteed that the access would be restored.
MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.
Investigators are working to track down those responsible for the ransomware used on Friday, known as Wanna Decryptor or WannaCry.
Vulnerable Microsoft software
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency.
A security update was released by Microsoft in March to protect against the virus.
However, it seems that many NHS trusts had not applied it or were using an older version of the operating system which is no longer supported — Windows XP.
NHS Digital said that 4.7 per cent of devices within the NHS use Windows XP, with the figure continuing to decrease.
Microsoft has now sent out patches for WindowsXP in an attempt to limit the damage, while the NHS took steps over the weekend to send out the recent security updates for trusts who had not put it in place.
The hackers are believed to have used “cyber weapons” stolen from the US’ National Security Agency to lock up computers and hold users’ files for ransom.
The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.
Prior warning
An Indian-origin doctor based in London had warned against the cyber-hack of the NHS just days before it crippled the country’s network.
Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, had warned that an increasing number of hospitals could be shut down by ransomware attacks in an article on the vulnerability of the NHS network in the ‘British Medical Journal’ on Wednesday, two days before the major cyber-hack.
He had highlighted an incident at Papworth Hospital near Cambridge where a nurse clicked on a malicious link and malware infected her computer and started to encrypt sensitive files.