Ransomware Attack Could Herald Future Problems
By Michelle Quinn May 14, 2017
Tech staffs around the world worked around the clock this weekend to protect computers and patch networks to block the computer hack whose name sounds like a pop song – "WannaCry" – as analysts warned the global ransomware attack could be just the first of a new wave of strikes by computer criminals.
The United States suffered relatively few effects from the ransomware that appeared on tens of thousands of computer systems across Europe and into Asia, beginning Friday. Security experts remained cautious, however, and stressed there was a continuing threat.
In contrast to reports from several European security firms, a researcher at the Tripwire company on the U.S. West Coast said late Saturday that the attack could be diminishing.
"It looks like it's tailing off," said Travis Smith of Tripwire.
"I hope that's the case," Smith added. The Oregon firm protects large enterprises and governments from computer security threats.
The code for the ransomware unleashed Friday remains freely available on the internet, experts said, so those behind the WannaCry attack – also known as WanaCryptor 2.0 and a variety of other names – could launch new strikes in coming days or weeks. Copycat attacks by other high-tech criminals also are possible.
"We are not out of the woods yet," said Gary Davis, chief consumer security evangelist at McAfee, the global computer security software company in Santa Clara, California. "We think it's going to be the footprint for other kinds of attacks in the future."
The attack hit scores of countries – more than 100, by some experts' count – and infected tens of thousands of computer networks.
Industry reports indicate Russia, Taiwan, Ukraine and Britain were among the countries hit hardest, and more hacking reports can be expected when offices reopen for the new workweek Monday or, in some parts of the world, Sunday.
One of the weapons used in the current attack is a software tool reportedly stolen from the U.S. National Security Agency and published on the internet by hackers last month.
The tool affords hackers undetected entry into many Microsoft computer operating systems, which is what they need to plant their ransomware. However, Microsoft issued patches weeks ago to fix that vulnerability in its software, and those patches could greatly reduce the chances of intrusion.
Outdated operating systems
The crippling effects of WannaCry highlight a problem that experts have long known about, and one that appears to have hit developing countries harder.
Some organizations are more vulnerable to intrusion because they use older or outdated operating systems, usually due to the cost of upgrading software or buying modern hardware needed to install better-protected operating systems. Companies like Microsoft eventually stop updating or supporting older versions of their software, so customers using those programs do not receive software patches or security upgrades.
Much of the ransomware's spread around the world occurred without any human involvement. The WannaCry malware self-propagates, copying itself to all computers on a network automatically.
When a demand for ransom payments appears on a user's screen – $300 at first, doubling to $600 in a few days – it's usually too late: All files on that computer have been encrypted and are unreadable by their owners.
The hackers said they would reverse the effect of their software once they received the payments they demanded.
Microsoft patched the "hole" in the newest versions of its operating software – Windows 10 for most home users – in March, three weeks before the stolen NSA exploit software was published on the internet. Since Friday, the company has dropped its refusal to update old versions of its programs and issued patches specifically written for use in Windows XP and several other systems.
Microsoft declined a request for an interview, but a statement on the company's blog said: "Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003."
"A lot of people in the security community were impressed with Microsoft's speed, but it highlights an ongoing challenge we have," said Stephen Cobb, a senior security researcher with ESET, a global security software company. "If a malicious code outbreak breaks out tomorrow, and targets unsupported operating systems, Microsoft may have to go there again."