Cybersecurity Experts Warn Of Next Attack
The apparent lull in ransomware strikes could be temporary, observers say
Businesses around the world are seeking to boost their cyber defense systems following a massive wave of cyber attacks that seemed to level off over the weekend.
Marin Ivezic, a cybersecurity partner at the multi-national professional services company PwC, told Reuters that clients had been “working around the clock since the story broke” to restore systems and install software updates, or restore systems from backups, ahead of the restart of the workweek on Monday. Cybersecurity experts said that the attack on more than a hundred thousand computers across the world had mostly slowed as of Saturday, but that businesses on Monday will need to be wary of attempts by those same attackers to launch new invasions, or, alternatively, by other ransomware attackers looking to carry out copy-cat missions.
MalwareTech, an anonymous 22-year-old malware analysis expert, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which could have helped to neutralize the massive strike.
Because the attackers were blocked from connecting with the registered domain, the number of infections have plummeted, Vikram Thakur, principal research manager at cybsersecurity firm Symantec, told Reuters.
But MalwareTech warned on his website that the counter-efforts against this particular instance only “stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.”
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
According to security software company Avast, more than 126,000 WanaCrypt0r 2.0 ransomware infections had been detected in 104 countries as of Saturday. The ransomware, stolen from the National Security Agency, tricked users into opening malware that then encrypted data on computers. Users had to pay a $300 or more ransom in bitcoin if they want their files to be decrypted.
In addition to two major Indonesian hospitals being impacted by the cyberattack on Saturday, the French car company Renault halted production at several factories due to the ransomware. Additionally, a plant owned by Nissan in England was also affected.
The extent of the damage in Asia, including in companies closed over the weekend, will only be fully assessed on Monday.
“Ransomware attacks happen every day — but what makes this different is the size and boldness of the attack,” Robert Pritchard, a cybersecurity expert at the Royal United Services Institute, told the New York Times. “Despite people’s best efforts, this vulnerability still exists, and people will look to exploit it.”