U.K. health facilities crippled by a global cyber-attack that has affected upwards of 200,000 computers in more than 150 countries are finally getting back to normal. But Europol Executive Director Rob Wainwright warns that the worst has yet to come.
“At the moment, we’re in the face of an escalating threat,” he said, noting that there will likely be additional disruptions when the work week begins on Monday and people start turning on their computers.
Bloomberg reported that malware using a technique probably stolen from the U.S. National Security Agency has infected computer systems in countries stretching from Eastern Europe to the U.S. and Asia, including the U.K.’s National Health Service, Russia’s Ministry of Interior, Germany’s Deutsche Bahn rail system, Nissan Motor Co., Renault SA, FedEx Corp., and many, many more.
Hackers were able to encrypt files within affected computers, thus making them inaccessible. They could then demand a ransom to restore access, which usually cost victims $300 in bitcoins. Dutch security company Avast Software BV said that Russia and Ukraine have experienced a heavy concentration of infections.
“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before — the global reach is unprecedented,” Wainwright said.
The height of the attack took place on Friday and early Saturday. It has since been deemed the “biggest criminal cyber-attack in history,” according to U.K. Home Secretary Amber Rudd.
The initial attack targets personal computers with Microsoft Corp. operating systems. Microsoft released a “critical” security patch in March, but those who failed to install it were left unprotected. Microsoft said on Saturday that in light of the scope and seriousness of the breach, the company will provide the patch for older versions of Windows, including Windows XP and Windows Server 2003.
So far, criminals have raked in $30,000 worth of ransom money, and that amount is expected to rise substantially next week, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies in the U.K., U.S. and Europe.
Companies such as FedEx have reported interference, and car manufacturer Renault was forced to stop production in some of its factories. In Germany, Deutsche Bahn experienced interference on train stations’ electronic displays, but travel was unaffected, according to the company’s website.
Ransomware tricks its victims into letting malicious software run on their computers. Some security experts predict that attackers could make as much as $1 billion a year from ransom payments.
A researcher in the U.K. has apparently stopped the attack by taking control of an Internet domain that acted as a kill switch for the worm’s propagation, according to Ars Technica.
“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” wrote the researcher, who goes by the Twitter handle @MalwareTechBlog. “So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”
Aleks Gostev, chief cybersecurity expert for Kaspersky Labs, said that Russian-language cybercriminals were probably behind the attack, because they’ve been known to do it in the past. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.”