Cyber attack 'wake-up call for governments — Microsoft chief

Share

"We will get a decryption tool eventually, but for the moment, it's still a live threat and we're still in disaster recovery mode", Europol director Rob Wainwright told CNN's Becky Anderson on Sunday, adding that the number of cases was still rising.

So far there has been no progress reported in efforts to determine who launched the plot.

Britain's National Cyber Security Centre has warned that Friday's global cyber attack could spread "significantly" as computer systems and networks come online at the start of the working week.

Over the weekend, the ransomware WannaCry infected computers in almost 150 countries, taking files hostage for $300 in bitcoin and threatening to delete them after a week of no response.

Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.

But security minister Ben Wallace said the Government had put £1.2 billion into combating cyber attacks during the last strategic defence and security review, including a £50 million pot to support NHS IT networks.

"And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action".

"Hopefully people are learning how important it is to apply these patches", said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. A kill switch was quickly found, but an updated version reportedly lacks the kill switch. The NHS said in a statement on Saturday that there was no evidence that patient information had been compromised.

The "kill" function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by global internet administrators.

The spread of the virus dubbed WannaCry had slowed but cybersecurity experts have warned that new versions of the worm are likely, even as the extent of the damage caused by Friday's attack remains unclear.

WanaCryptor 2.0 is only part of the problem. But many corporations don't automatically update their systems, because Windows updates can screw up their legacy software programs. The flaw was made public in April, but Microsoft says that it had already issued a patch to fix the hole in March.

Claiming that WannaCry is something that experts have been warning about for years, the duo lamented how easy it is to attack operating systems such as Windows XP, which is no longer fully supported by Microsoft.

Beginning on Friday, May 12, 2017, organizations across the world were hit by a cyberattack called WannaCry.

Smith said Microsoft has the "first responsibility" to address the problem.

The suspicion that the vulnerability of systems around the world were exploited by a hacking tool thought to have been developed by America's National Security Agency exposes the fact that governments may be the ones most to blame as their intelligence agencies are the ones who create such openings to spy on people through the communications networks linking smartphones by exploiting loopholes in their operating systems.

Sixteen National Health Service (NHS) organizations in the United Kingdom have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage. As a precaution, backups should be stored apart from your system, thereby insulating it from potential malware, and rendering it available for a system restoration when necessary.

He said it's likely the ransomware will spread to US firms too. It appears that it only took a couple of months for malicious hackers to make good on that prediction.

Share