International investigation needed to identify culprits of biggest-of-its-kind cyber-extortion attack, Europol says.
Government offices, banks and hospitals around the world are bracing themselves for a possible repeat of Friday’s global cyberattack, while tech giant Microsoft pinned blame on the US government for not disclosing more software vulnerabilities.
Cybersecurity experts said the spread of the worm dubbed WannaCry – “ransomware” that locked up more than 200,000 computers in more than 150 countries – had slowed but that the respite might only be brief amid fears it could cause new havoc on Monday when employees return to work.
New versions of the worm are expected, they said, and the extent – and economic cost – of the damage from Friday’s attack were unclear.
Britain’s National Cyber Security Centre joined others in warning of more cases of “ransomware” attacks this week, predicting that the problem could be “at a significant scale” because some infected machines have not yet been detected, and existing infections can spread within networks.
The warning echoed that from Europe’s policing agency earlier on Sunday. Europol said that the malware attack was at an unprecedented level, and that the numbers were still increasing.
It is believed to be the biggest online extortion ever, hitting British hospitals, German rail and companies and government agencies.
Officials urged organisations and companies to immediately update their security software.
The malicious software used in the attack, which has the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system, was stolen from the US National Security Agency.
Brad Smith, Microsoft’s president and chief legal officer, criticised governments for “stockpiling” software code that can be used by hackers.
In a post on Microsoft’s blog, Smith wrote: “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.”
He added that governments should “report vulnerabilities” that they discover to software companies, “rather than stockpile, sell, or exploit them”.
The NSA and the White House did not immediately respond to requests for comment about the Microsoft statement, Reuters news agency reported.
Speaking to Al Jazeera on Smith’s post, Larry Magid, a technology journalist and CEO of ConnectSafely.org, said: “There is some speculation that this code was being stored in the NSA labs, potentially as a cyberweapon that the US might have used against its own adversaries. And that is a big concern because code, unlike physical weapons, is very difficult to protect.”
Magid added that there should be more cooperation to prevent future attacks: “There needs to be better sharing of information between government and the private sector, especially tech companies, and obviously people need to be educated.”
Meanwhile, an executive at a cybersecurity firm that helped block Friday’s attack said that new variations of the malicious worm are circulating – and that researchers expect one to develop that cannot be stopped.
Ryan Kalember, senior vice president at Proofpoint Inc, said that millions of devices could be vulnerable if they have not applied security patches over the weekend.
He said if a new variant without a “kill switch” popped up, organisations would be on their own to prevent it from taking over their computers.
Proofpoint and a British cybersecurity researcher teamed up on Friday to derail the attack.