Cyber-experts wary but hopeful that ransomware attacks subsiding
Cyber-security experts were braced for the beginning of the business week, believing that the ransomware attack that began on Friday would get worse as the criminals came up with variations on the WannaCry virus to defeat efforts to rid computer systems of its effects.
But so far, so good. It looks as though the attacks are subsiding and the patches designed over the weekend are working.
"The number of infected computers has not increased as expected, which is a success," European law enforcement agency Europol said Monday.
Analysts had feared that the attack, which started spreading on Friday, could accelerate as workers returned to their desks after the weekend and turned on compromised machines.
But the aftershocks have so far been mild. "People may have updated their security systems over the last hours," Europol said.
Europol estimates that the attack has hit at least 150 countries and infected 200,000 machines. Hospitals, universities, manufacturers and government agencies in Britain, China, Russia, Germany and Spain have all been affected.
The "WannaCry" virus locks users out of their computers and demands hundreds of dollars from victims hoping to regain control of their documents and data. Europol said Monday that "very few" people have paid the ransom.
The ransomware exploits a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations that don't automatically update their systems. The exploit was leaked last month as part of a trove of U.S. spy tools.
"We will get a decryption tool eventually, but for the moment, it's still a live threat and we're still in disaster recovery mode," Europol director Rob Wainwright told CNN on Sunday.
Wainwright said the agency is analyzing the virus and has yet to identify who is responsible for the attack.
The blame game has already started. Brad Smith, Microsoft's president and top lawyer, said Sunday that the company has the "first responsibility" to address the problem. But he also said the incident was a "wake-up call" for governments.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," he said. "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
At least one strain of the ransomware has proven especially vicious. Once it infects one computer within a network, it can spread to all the computers in that network "within seconds," said Israel Levy, the CEO of the cybersecurity firm Bufferzone.
This certainly is a "wake-up call" for governments. It should be one for individuals as well. The virus would not have spread so rapidly or been as widespread if people had followed simple internet security protocols. Not opening emails from unfamiliar senders and refusing to click on links from unknown sources are computer security 101. The thieves banked on people ignoring common sense.
Authorities are saying that because the ransom demands involve only a few hundred dollars per machine, the group responsible is probably not very sophisticated. That's a frightening thought, considering the disruptions the virus caused. Britain's national health care system is still feeling the effects, as gaining access to patient records is still a problem. Renault shut some of its European factories down to deal with the virus, and other companies were forced to take similar precautions.
Just think of the mess if some highly organized crime syndicate – or a government – were to try something like this. We would be days recovering.