Press. voanews.com
Europe's police agency Europol says a global cyberattack has affected at least 100,000
organizations in 150 countries, with data networks infected by malware that
locks computer files unless a ransom is paid. "I'm worried about how the
numbers will continue to grow when people go to work and turn on their machines
on Monday," Europol director Rob Wainwright told Britain's ITV television.
So far there has been no progress reported in efforts to determine who launched
the plot.
Computer security experts have assured individual computer users who have kept their PC operating
systems updated that they are relatively safe. They advised those whose
networks have been effectively shut down by the ransomware attack not to make
the payment demanded — the equivalent of $300, paid in the digital currency
bitcoin, delivered to a likely untraceable destination that consists merely of
a lengthy string of letters and numbers.
However, the authors of the "WannaCry" ransomware attack told their victims the amount
they must pay would double if they did not comply within three days of the
original infection — by Monday, in most cases. And the hackers warned that they
would delete all files on infected systems if no payment was received within
seven days.
Avast, an international security software firm that claims it has 400 million users
worldwide, said the ransomware attacks rose rapidly Saturday to a peak of
57,000 detected intrusions. Avast, which was founded in 1988 by two Czech
researchers, said the largest number of attacks appeared to be aimed at Russia,
Ukraine and Taiwan, but that major institutions in many other countries were
affected.
'Kill switch' found
Computer security experts said the current attack could have been much worse but for the
quick action of a young researcher in Britain who discovered a vulnerability in
the ransomware itself, known as WanaCryptor 2.0. The researcher, identified
only as "MalwareTech," found a "kill switch" within the
ransomware as he studied its structure.
The "kill" function halted WanaCryptor's ability to copy itself rapidly
to all terminals in an infected system — hastening its crippling effect on a
large network — once it was in contact with a secret internet address, or URL,
consisting of a lengthy alphanumeric string.
The "kill" function had not been activated by whoever unleashed the
ransomware, and the researcher found that the secret URL had not been
registered to anyone by international internet administrators. He immediately
claimed the URL for himself, spending about $11 to secure his access, and that
greatly slowed the pace of infections in Britain.
Experts cautioned, however, that the criminals who pushed the ransomware to the world
might be able to disable the "kill" switch in future versions of
their malware.
Hackers' key tool
WanaCryptor 2.0 is only part of the problem. It spread to so many computers so rapidly by using
an exploit — software capable of burrowing unseen into Windows computer
operating systems. The exploit, known as "EternalBlue" or
"MS17-010," took advantage of a vulnerability in the Microsoft
software that reportedly had been discovered and developed by the U.S. National
Security Agency, which used it for surveillance activities.
NSA does not discuss its capabilities, and some computer experts say the MS17-010 exploit
was developed by unknown parties using the name Equation Group (which may also
be linked to NSA). Whatever its source, it was published on the internet last
month by a hacker group called ShadowBrokers. Microsoft distributed a
"fix" for the software vulnerability two months ago, but not all
computer users and networks worldwide had yet made that update and thus were
highly vulnerable. And many computer networks, particularly those in less
developed parts of the world, still use an older version of Microsoft software,
Windows XP, that the company no longer updates.
The Finnish computer security firm F-Secure called the problem spreading around the world
"the biggest ransomware outbreak in history." The firm said it had
warned about the exponential growth of ransomware, or crimeware, as well as the
dangers of sophisticated surveillance tools used by governments.
Lesson: Update programs
With WanaCryptor and MS17-010 both "unleashed into the wild," F-Secure said the
current problem seems to have combined and magnified the worst of the dangers
those programs represent. The security firm Kaspersky Lab, based in Russia,
noted that Microsoft had repaired the software problem that allows backdoor
entry into its operating systems weeks before hackers published the exploit
linked to the NSA, but also said: "Unfortunately it appears that many
users have not yet installed the patch."
Britain's National Health Services first sounded the ransomware alarm Friday.
The government held an emergency meeting Saturday of its crisis response committee, known as
COBRA, to assess the damage. Late in the day, Home Secretary Amber Rudd said
the NHS was again "working as normal," with 97 percent of the
system's components now fully restored.
Spanish firm Telefonica, French automaker Renault, the U.S.-based delivery service FedEx and
the German railway Deutsche Bahn were among those affected. None of the firms
targeted indicated whether they had paid or would pay the hackers ransom.