Ransomware Attack Could
Herald Future Problems
May 15, 2017
Tech staffs around the world worked around the clock this weekend to
protect computers and patch networks to block the computer hack whose
name sounds like a pop song — "WannaCry" — as analysts warned the global
ransomware attack could be just the first of a new wave of strikes by
The United States suffered relatively few effects from the ransomware
that appeared on tens of thousands of computer systems across Europe and
into Asia, beginning Friday. Security experts remained cautious,
however, and stressed there was a continuing threat.
In contrast to reports from several European security firms, a
researcher at the Tripwire company on the U.S. West Coast said late
Saturday that the attack could be diminishing.
"It looks like it's tailing off," said Travis Smith of Tripwire.
"I hope that's the case," Smith added. The Oregon firm protects large
enterprises and governments from computer security threats.
The code for the ransomware unleashed Friday remains freely available on
the internet, experts said, so those behind the WannaCry attack — also
known as WanaCryptor 2.0 and a variety of other names — could launch new
strikes in coming days or weeks. Copycat attacks by other high-tech
criminals also are possible.
"We are not out of the woods yet," said Gary Davis, chief consumer
security evangelist at McAfee, the global computer security software
company in Santa Clara, California. "We think it's going to be the
footprint for other kinds of attacks in the future."
The attack hit scores of countries — more than 100, by some experts'
count — and infected tens of thousands of computer networks.
Industry reports indicate Russia, Taiwan, Ukraine and Britain were among
the countries hit hardest, and more hacking reports can be expected when
offices reopen for the new workweek Monday or, in some parts of the
One of the weapons used in the current attack is a software tool
reportedly stolen from the U.S. National Security Agency and published
on the internet by hackers last month.
The tool affords hackers undetected entry into many Microsoft computer
operating systems, which is what they need to plant their ransomware.
However, Microsoft issued patches to fix that vulnerability in its
software weeks ago that could greatly reduce the chances of intrusion.
Outdated operating systems
The crippling effects of WannaCry highlight a problem that experts have
long known about, and one that appears to have hit developing countries
Some organizations are more vulnerable to intrusion because they use
older or outdated operating systems, usually due to the cost of
upgrading software or buying modern hardware needed to install
better-protected operating systems. Companies like Microsoft eventually
stop updating or supporting older versions of their software, so
customers using those programs do not receive software patches or
Much of the ransomware's spread around the world occurred without any
human involvement. The WannaCry malware self-propagates, copying itself
to all computers on a network automatically.
When a demand for ransom payments appears on a user's screen — $300 at
first, doubling to $600 in a few days — it's usually too late: All files
on that computer have been encrypted and are unreadable by their owners.
The hackers said they would reverse the effect of their software once
they received the payments they demanded.
patched the "hole" in the newest versions of its operating software —
Windows 10 for most home users — in March, three weeks before the stolen
NSA exploit software was published on the internet. Since Friday, the
company dropped its refusal to update old versions of its programs and
issued patches specifically written for use in Windows XP and several
Microsoft declined a request for an interview, but a statement on the
company's blog said: "Seeing businesses and individuals affected by
cyberattacks, such as the ones reported today, was painful. We are
taking the highly unusual step of providing a security update for all
customers to protect Windows platforms that are in custom support only,
including Windows XP, Windows 8, and Windows Server 2003."
"A lot of people in the security community were impressed with
Microsoft's speed, but it highlights an ongoing challenge we have," said
Stephen Cobb, a senior security researcher with ESET, a global security
software company. "If a malicious code outbreak breaks out tomorrow, and
targets unsupported operating systems, Microsoft may have to go there