Nations grapple with huge cyberattack, but more's coming

Posted May 19, 2017

"Existing infections from the malware can spread within networks", the agency continued, adding that "as a new working week begins", folks should be aware that additional cases of ransomware may emerge, "possibly at a significant scale".

(AP Photo/Lee Jin-man). A customer walks by the notice about "ransomware" at CGV theater in Seoul, South Korea, Monday, May 15, 2017. If they wanted their files decrypted, the program said all they had to do was pay $300 worth of Bitcoin to the specified address.

How can WannaCry and other types of ransomware be avoided? The first WannaCry attack was reported at 4:07pm Greenwich Mean Time (GMT) on Friday, May 12.

For instance, take the case of the hospital systems held hostage in the United Kingdom: they're more likely to pay up in order to safeguard their patients' information that has been encrypted by the attacker than a teenager with photos and contacts to lose, which, in all likelihood, are also backed up in the cloud.

This is already believed to be the biggest online extortion attack ever recorded, disrupting services in nations as diverse as the U.S., Russia, Ukraine, Spain and India. According to a Twitter account that monitors those accounts, they've received only about 250 payments worth a total of slightly more than $72,000.

All told, several cyber security firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries.

Of course, with anti-virus software, the same principle applies: Make sure to keep the anti-virus app up-to-date, too, so it blocks the latest emerging malware.

Two law enforcement officials likewise said U.S. investigators suspect North Korea based on code similarities; the officials called that finding preliminary.

But WannaCry remains a puzzle, in part because some of its elements seemed amateurish. That wasn't done here.

The government held an emergency meeting Saturday of its crisis response committee, known as COBRA, to assess the damage.

A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations. The Russian Interior Ministry, which runs the national police, said the problem had been "localized" with no information compromised. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. It's possible that some data that wasn't backed up could be lost. "This group might be behind WannaCry also". However, while they noted the shared code in the Lazarus malware and the early version of WannaCry, they stopped short of stating with certainty that the ransomware stemmed from the state-sponsored North Korean operation. The NSA tools were stolen by hackers and dumped on the internet. "Heck, at this point, Shadow Brokers doesn't even need to have this exploit (though I'm guessing the NSA and Microsoft both may be erring on the side of caution at this point)", she wrote on her site.