The ransomware cyberattack, which has reportedly affected over 2,00,000 victims worldwide, could worsen as people return to work on Monday, European and British policing and security agencies have warned.
Computers around the globe were hacked, beginning on Friday, using a security flaw in Microsoft's Windows XP operating system, an older version that was no longer given mainstream tech support by the US giant.
Cyber security experts say the spread of the worm, WannaCry or WannaCrypt, has slowed, but have warned that new versions of the worm may rear their heads.
"As a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale," Britain's National Cyber Security Centre said.
How Does WannaCry Work?
Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom. The WannaCry program encrypts your files and demands payment in order to regain access.
Images appear on victims’ screens demanding payment of USD 300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”
Payment is demanded within three days or the price is doubled, and if none is received within seven days the locked files will be deleted, according to the screen message.
Security experts warn there is no guarantee that access will be granted after payment.
Who Has Been Affected So Far?
The indiscriminate attack, which began Friday, struck banks, hospitals and government agencies, exploiting known vulnerabilities in old Microsoft computer operating systems, with over 150 countries reporting breaches.
So far, the virus has affected the UK’s National Health Service, Germany's Deutsche Bahn rail network, Spanish telecoms giant Telefonica, private corporations like FedEx, and European car factories, to name a few.
The 5,500-strong Renault factory in Douai, one of the most important car plants in France, will stay closed on 15 May, due to the attack, sources told AFP.
The virus spread quickly because the culprits used a digital code believed to have been developed by the US National Security Agency – and subsequently leaked as part of a document dump, according to researchers at the Moscow-based computer security firm Kaspersky Lab.
Calling the attack an “unprecedented”, “escalating threat”, Europol executive director Rob Wainwright told reporters:
I’m worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday.
Microsoft Responds
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Also Read: Microsoft Releases Windows Patch to Fix PCs Affected by WannaCry
In a blog post on 13 May, Microsoft President Brad Smith appeared to acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool built by the US National Security Agency, that leaked online in April.
We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world
“We take every single cyberattack on a Windows system seriously, and we’ve been working around the clock since Friday to help all our customers who have been affected by this incident. This included a decision to take additional steps to assist users with older systems that are no longer supported,” Smith said in the blog post.
How Much Financial Damage Can It Cause?
The non-profit US Cyber Consequences Unit research institute estimates that the total loss from the hack would not exceed $1 billion.
On Sunday, security firm Digital Shadows said that transactions totalling USD 32,000 had taken place through Bitcoin addresses used by the ransomware.
Experts and governments alike warn against ceding to the demands.
Also Read: Ransomware Scare: CERT-In Issues Alert, Advisory on WannaCry
(With inputs from AFP, Reuters)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)