Businesses scrambling to protect systems as ransomware threat lingers

Businesses scrambling to protect systems as ransomware threat lingers
This photograph, posed as an illustration on May 12, shows the website of Britain's state-run National Health Service (NHS) notifying users of a problem in its network. (AFP)
Updated 15 May 2017
Follow

Businesses scrambling to protect systems as ransomware threat lingers

Businesses scrambling to protect systems as ransomware threat lingers

SINGAPORE/TORONTO: Technical staff scrambled on Sunday to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc on Monday when employees log back on.
Cybersecurity experts said the spread of the virus dubbed WannaCry ransomware, which locked up more than 200,000 computers, had slowed but the respite might only be brief.
New versions of the worm are expected, they said, and the extent of the damage from Friday’s attack remains unclear.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading or, in some cases, machines involved in manufacturing or hospital functions that proved too difficult to patch without possibly disrupting crucial operations, security experts said.
Marin Ivezic, a cybersecurity partner at PwC, said that some clients had been “working around the clock since the story broke” to restore systems and install software updates, or patches, or restore systems from backups.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as “Eternal Blue,” was released on the Internet in March by a hacking group known as the Shadow Brokers. The group claimed it was stolen from a repository of National Security Agency (NSA) hacking tools. The agency has not responded to requests for comment.
Hong Kong-based Ivezic said that the ransomware was forcing some more “mature” clients affected by the worm to abandon their usual cautious testing of patches “to do unscheduled downtime and urgent patching, which is causing some inconvenience.”
He declined to identify which clients had been affected.
The head of the EU police agency said on Sunday the cyber assault hit 200,000 victims in at least 150 countries and that number will grow when people return to work on Monday.
“The global reach is unprecedented ... and those victims, many of those will be businesses, including large corporations,” Europol Director Rob Wainwright told Britain’s ITV.
“At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning.”
Monday was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.
In Asia, some hospitals, schools, universities and other institutions were affected. International shipper FedEx Corp said some of its Windows computers were also breached.
Account addresses hardcoded into the malicious WannaCry software code appear to show the attackers had received just under $32,500 in anonymous bitcoin currency as of 1100 GMT on Sunday, but that amount could rise as more victims rush to pay ransoms of $300 or more to regain access to their computers, just one day before the threatened deadline expires.
The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm’s spread by registering a web address to which he noticed the malware was trying to connect.
Security experts said his move bought precious time for organizations seeking to block the attacks.
Researchers remained on high alert for new variants that could lead to a fresh wave of infections. Researchers from three security firms dismissed initial reports on Saturday that a new version of WannaCry/WannaCrypt had emerged, saying this was based on a rushed analysis of code data that proved erroneous.
The MalwareTech researcher warned on Twitter on Sunday: “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.”