Companies prepare for more ransomware attacks on Monday
May 17 2017 by Kate Woods
The attack, already believed to be the biggest online extortion scheme ever recorded, is an "escalating threat" after hitting 200,000 victims across the world since Friday, according to Rob Wainwright, the head of Europol, Europe's policing agency.
Mr Wainwright said what was unique about the attack was that the ransomware was used in combination with "a worm functionality" so the infection spread automatically.
"The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits", it said in a statement.
Governments and computer experts girded Monday for a possible worsening of the global cyberattack that has hit more than 150 countries, as Microsoft warned against stockpiling vulnerabilities like the one at the heart of the crisis.
David Kennedy, formerly with the US National Security Agency said the software has stopped from spreading thanks to a "kill switch", but a hacker could change the code and resume the attack at any moment.
Clapper and Europol say the scope of the problem may become bigger Monday when people switch on their computers.
NHS Lanarkshire, Fife, Tayside, Forth Valley, Western Isles and Dumfries and Galloway have also been hit, as well as 16 NHS organisations in England.
In Australia, Alistair MacGibbon, special advisor to Prime Minister Malcolm Turnbull on Cyber Security, said some small businesses would likely be hit "but as a whole of nation we can be confident, so far, that we have missed the worst of this".
The virus took control of users' files, demanding payments.
USA and European officials scrambled to catch the culprits behind a massive ransomware worm that caused damage across the globe over the weekend, stopping auto factories, hospitals, shops and schools, as Microsoft pinned blame on governments for not disclosing more software vulnerabilities. "If NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened", he tweeted.
Russian Railways: State media said a virus attacked the IT system of Russian Railways, but it did not affect operations due to a prompt response. It spread to so many computers so rapidly by using an exploit - software capable of burrowing unseen into Windows computer operating systems.
Attackers have demanded $300 to $600 to unlock encrypted files.
About 97 percent of United Kingdom facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting.
Only one WannCry cyber attack has been confirmed in Thailand, raising suspicion Thai companies are once again paying ransom and keeping their problems secret. And many computer networks, particularly those in less developed parts of the world, still use an older version of Microsoft software, Windows XP, that the company no longer updates.
The Scottish Government is confident that no more public services will be affected after it acted to boost computer security in 120 public bodies following the weekend news that 13 health boards in Scotland had been subjected to infection by the Wanna Decryptor ransomware, also known as WannaCry.
Wainwright said Europol provided free downloads of decryption programmes for most ransomware. Brad Smith criticized USA intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers.
"There are three pieces of important advice to help protect your organisation: make sure your security software patches are up to date; make sure that you are running proper anti-virus software; back up your data somewhere else because you can't be held to ransom if you've got the data somewhere else".
He said the motivation remained unknown but ransomware attacks were normally "criminally minded".