Ransomware fallout continues as victims pay up (and you should back up)
Ransomtracker shows when victims pay up
A feared second spike of attacks from the WannaCry ransomware virus didn't materialize early Monday, but there's still plenty to worry about. New variants of the malware have been released, others are most certainly under development, and a Twitter account logging ransom payments shows victims are indeed coughing up roughly $300 in bitcoins to recover their files. As of Monday morning, payments totaled just over $50,000 -- tiny compared to the damage caused, but a tidy sum for the criminals. Meanwhile, the required ransom jumps to $600 later today, according to security firm F-Secure.
So far, one of the worst cyberattacks in recent memory has hit computers in 150 countries, Europol said, with WannaCry encrypting files and demanding ransom from victims. The software can run in 27 different language, according to U.S. cybersecurity officials.
During the weekend, Microsoft called out the NSA for researching and hiding vulnerabilities, comparing this incident to theft of a U.S. missile
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017," chief counsel Brad Smith wrote in a blog post. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
Spread of the malware slowed for a variety of reasons during the weekend (including this heroic effect by a security researcher). But as workers returned Monday morning, a fresh round of infections were possible, authorities have warned.
"It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks," wrote the U.K.'s National Cyber Security Centre. "This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale."
On Friday, health organizations across the United Kingdom were hit particularly hard. Reuters reported that hospitals were canceling surgeries and turning away non-emergency patients to deal with the crisis.
WannaCry-infected computers notify victims with a menacing looking pop up that demands about $300 in bitcoins to restore the files.
A confluence of events led to discovery of and then spread of the devastating malware. The technology behind WannaCry was actually developed by the National Security Agency in the U.S., then stolen by hackers using the moniker Shadow Crew. It attacks unpatched Microsoft Windows computers. Most modern Windows PCs were automatically updated to prevent the exploit, but older computers -- those running Windows XP, for example -- are no longer routinely supported by Microsoft. Many of those were unpatched, and an easy mark for WannaCry.
U.K. hospitals had thousands of these older machines; that's why the virus hit hard there. I've reported earlier on why health care providers often have older computers. Many run single tasks, and are rarely updated, or even noticed, by IT staff.
Microsoft has now offered security patches for older Windows machines, and technicians have spent the weekend racing to updates those computers.
The U.S. Computer Emergency Readiness Team, part of Homeland Security, urged U.S. victims to contact the FBI.
Computer users -- at home, or at work -- should make sure as their first task that their computers have been updated with any security patches. That might require a restart.
Meanwhile, virus creators and copycats are already working on variants of the malware, hoping to re-start its spread.
The U.K.'s National Security Cybre Centre has offered this three-step protection plan for home users and small businesses. Critically, it recommends (as I do) that good backups are the one, true protection against cyber attacks.
"You can’t be held to ransom if you’ve got the data somewhere else,' it says.
1. Run Windows Update 2. Make sure your antivirus product is up to date and run a scan – if you don’t have one install one of the free trial versions from a reputable vendor 3. If you have not done so before, this is a good time to think about backing important data up – you can’t be held to ransom if you’ve got the data somewhere else.
Follow this story: AlertMe
If you've read this far, perhaps you'd like to support what I do. That's easy. Buy something from my NEW LIBRARY AND E-COMMERCE PAGE, Sign up for my free email list, click on an advertisement, or just share the story.