Technicians around the world are scrambling to apply computer patches and restore systems amid fears that a global malware attack could wreak a new round of havoc as businesses reopened on Monday morning.
Computer technicians around the world are scrambling to apply computer patches and restore infected systems, amid fears that the ransomware worm that seized-up 200,000 computer systems in more than 150 countries would wreak a new round of havoc Monday after businesses reopened and employees logged on.
The spread of the virus dubbed WannaCry had slowed but cybersecurity experts have warned that new versions of the worm are likely, even as the extent of the damage caused by Friday's attack remains unclear.
Meanwhile, a global manhunt is on for the perpetrators of the attack that is being described as the biggest-ever cyber ransom attack.
"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said a statement issued by Europol, Europe's police agency.
Europol said a special task force at its European Cybercrime Centre was "specially designed to assist in such investigations and will play an important role in supporting the investigation."
Payment via bitcoin
Victims of the attack received a message on their computer screens demanding $300 (275 euros) via the virtual currency, bitcoin, saying: "Ooops, your files have been encrypted!"
The perpetrators have demanded payment within three days or the price will double, and they threaten to delete the files altogether if payment is not received within seven days.
But experts and government officials alike have warned against giving in to the hackers' demands.
"Paying the ransom does not guarantee the encrypted files will be released," said the US Department of Homeland Security's computer emergency response team. "It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."
Security experts attributed the apparent success of the WannaCry virus to a "perfect storm" of conditions, including a well known and highly dangerous security hole in Microsoft Windows, users who didn't apply a recent Microsoft patch, and malware designed to spread quickly once inside a network, be it a business, government or university.
Microsoft and the NSA
Microsoft said the situation was "painful" and that it was taking "all possible actions to protect our customers."
The Seattle-based tech giant issued guidance for people to protect their systems, while taking the highly unusual step of reissuing security patches first made available in March for Windows XP and other older versions of its operating system.
In addition, the perpetrators were able to borrow a weaponized "exploit" that was apparently created by the US National Security Agency (NSA), to launch the attack.
Microsoft President and Chief Legal Officer Brad Smith said in a blog post that the cyberattack is an example of why the stockpiling of vulnerabilities by governments is a serious issue.
"The governments of the world should treat this attack as a wake-up call," wrote Smith on Sunday. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."
However, British cybersecurity expert Graham Cluley doesn't want to blame the NSA for the attack.
"There are other criminals who've launched this attack, and they are ultimately responsible for this," he said. "But there's clearly some culpability on the part of the US intelligence services. Because they could have done something ages ago to get this problem fixed, and they didn't do it."
bik/rc (Reuters, AP, AFP)