New ransomware attacks may hit today, experts say

Elizabeth Williams
May 22, 2017

The ransomware exploits older versions of Microsoft's operating system software, such as Windows XP.

Microsoft says releasing the patches recognises and helps the many users who still have machines with its earlier operating systems and will protect computers not already affected.

The effects were felt around the globe, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S. Britain's National Health Service was hit hard, while Russia's Interior Ministry and companies including Spain's Telefonica, FedEx the U.S. and French carmaker Renault all reported disruptions.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Security experts say the unprecedented ransomware attack that on Friday locked up computers across the globe including United Kingdom hospital, FedEx, train systems in Germany among other institutions in exchange for payment, could cause even more trouble as the work week begins.

The UK could be hit by another cyber attack tomorrow, a security researcher who halted the spread of ransomware during Friday's worldwide attack has warned.

Security experts said it appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly as employees share documents.

How many countries were affected?

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

After taking computers over, the virus displayed messages demanding a payment of $300 in virtual currency Bitcoin to unlock files and return them to the user.

You can protect yourself by installing updates, running anti-virus software and using firewalls.

The wave of cyberattacks that wreaked havoc in nearly a hundred countries, including India, since Friday is "at an unprecedented level", according to European Union's law enforcement agency Europol.

"If there is no delay, this course of action will go a long way to preventing huge disruption to most organisations".

The Finland-based cyber security company F-Secure said 130 000 systems in more than 100 countries had been affected.

Had it not been for a young British cybersecurity researcher's accidental discovery of a so-called "kill switch", the malicious software likely would have spread much farther and faster.

"Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind". He registered the domain to analyze the attack but realized the ransomware needed it to remain unregistered in order to continue spreading.

This way, if your computer does become infected, you can wipe the system, replace your data and start again.

He said Friday's cyberextortion attack, the biggest in history, was going to be dwarfed by the next big ransomware attack. Two big telecom companies, Telefónica of Spain and Megafon of Russian Federation, were also hit.

According to Matthew Hickey, founder of the security firm Hacker House, the attack is not surprising, and it shows many organizations do not apply updates in a timely fashion.

Other reports by VgToday

Discuss This Article