'WannaCry' Ransomware Attack Stymies Global PCs

Graphic explaining how ransomware works

Graphic explaining how ransomware works

Interpol thinks that more than 200,000 people in more than 150 countries were affected - and things could get worse.

There are fears of further "ransomware" attacks as people return to work on Monday.

They advised those whose networks have been effectively shut down by the ransomware attack not to make the payment demanded - the equivalent of $300, paid in the digital currency bitcoin, delivered to a likely untraceable destination that consists merely of a lengthy string of letters and numbers.

A new report by CNet shares Microsoft's anger over government secrecy surrounding bugs, a practice the tech company directly blames for the recent wave of attacks. The hackers do not always release the ransomed data and files after receiving payment. While investigating the attack, he noticed that the malware was trying to contact a specific web address each time it infected a new computer, and that the web address it was trying to contact had not been registered.

The China Banking Regulatory Commission (CBRC) said in an emailed statement it has not received any major infection reports from the country's banks on the cyber attack.

For all the worldwide chaos they have caused, the ransomware attack's perpetrators have reportedly made little more than less than $70,000, according to Tom Bossert, assistant to the president for homeland security and counterterrorism.

The Thailand Computer Emergency Response Team (ThaiCERT) advises that computers can be shielded from malware in general and this ransomware in particular by ensuring that security settings are constantly updated, by shunning e-mail attachments from unknown sources and by never clicking on suspicious links in e-mail.

The "kill" function had not been activated by whoever unleashed the ransomware, and the researcher found that the secret URL had not been registered to anyone by global internet administrators.

"We have 32 empanelled auditors who carry out technical audits, which help organisations fix (cybersecurity) gaps", he said, adding that CERT-In has conducted training and awareness sessions for government administrators and CEOs.

WanaCryptor 2.0 is only part of the problem.

Once the virus is in a computer, it looks for other vulnerable computers in a network to infect, which is why it spread so quickly. The malware a ransomware called WannaCryptor 2.0 also known as WannaCry proliferates exploiting vulnerability within not so recent Microsoft Windows computers that was publicly disclosed at the time cyber tools and files from National Security Agency of United States of America got exposed online.

"You'll wanna cry definitely when you run into it", said Matt Staats, senior field agent for Connecting Point Computers in Peru.

"It's what's called a zero-day, and basically no one knew about the vulnerability except the NSA", Staats said.

Microsoft released a patch to fix the exploit in March.

According to Microsoft, computers affected by the so-called "ransomware" did not have security patches for various Windows versions installed or were running Windows XP, which the company no longer supports.

Plus, Staats said there are other variants of ransomware to worry about too.

Critical medical computers throughout Britain's National Health Service were affected.

"For Microsoft to say that governments should stop developing exploits to Microsoft products is naive", said Brian Lord, a managing director at PGI Cyber and former deputy director at the Government Communications Headquarters, one of the U.K.'s intelligence agencies.

None of the firms targeted indicated whether they had paid or would pay the hackers ransom.

Latest News