Despite a “highly unusual” patch from Microsoft to update its long-unsupported operating systems and an apparent “kill code” that could allegedly bring an end to the ransomware, the WannaCrypt/WannaCry attack continues to grow around the globe. According to BBC News, at least “200,000 victims in at least 150 countries” have been affected by the bug, and the biggest threat seems to be to businesses still running outdated or unsecured Windows systems. The attack began its spread on Friday, hitting computers in Russia, Europe, and the UK, and nearly bringing the National Health Service in England to a halt.
According to the New York Times, the kill switch was only a temporary stop to the spread of the bug, and the hackers behind the attack could “create a variant” of their domain and continue, something Comae Technologies’ Matthieu Suiche expected them to do. Now that the ransomware is back on the move, Europol’s Rob Wainwright fears the worst:
“At the moment, we are in the face of an escalating threat,” he told the British network ITV on Sunday. “The numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s powerful Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
The same Times report indicates that the “kill code” or “kill switch” was one of the main reasons the bug had failed to spread to the United States at this point. That may not be the case by Monday morning once folks return to work and get their week underway. As shared over at Gizmodo, this video shows just how fast the virus can spread to a neighboring computer — allegedly without any executable on the neighboring machine.
Here is a video showing a machine on the left infected with MS17-010 worm, spreading WCry ransomware to machine on the right in real time. pic.twitter.com/cOIC06Wygf
— hackerfantastic.x (@hackerfantastic) May 13, 2017
If that’s not enough to force you to upgrade or update your computer a bit, not much will.
The silver lining to this story, if it can be considered a silver lining, is that the hackers have apparently only received a small amount of money from the attack. As Krebs on Security points out (via Gizmodo), the scam’s outright global cost will exceed the ransoms paid:
According to a detailed writeup on the Wana ransomware published Friday by security firm Redsocks, Wana contains three bitcoin payment addresses that are hard-coded into the malware. One of the nice things about Bitcoin is that anyone can view all of the historic transactions tied to a given Bitcoin payment address. As a result, it’s possible to tell how much the criminals at the helm of this crimeware spree have made so far and how many victims have paid the ransom.
A review of the three payment addresses hardcoded into the Wana ransomware strain indicates that these accounts to date have received 100 payments totaling slightly more than 15 Bitcoins — or approximately $26,148 at the current Bitcoin-to-dollars exchange rate.
As Krebs points out, the financial disruption and possibly life-threatening consequences of this attack make the ransom total a head scratcher. He does add that the hack features an option to contact the hackers and possibly set up payment away from Bitcoin. There’s also the fact that $26 thousand is not an entirely small amount; it just doesn’t seem to fit the scale of the attack. It does, however, fit with other similar attacks and frauds.
We’ll just have to wait and see what happens once Monday morning rolls around. Hopefully, the shock of Friday will be the worst and this will turn out to be nothing but security experts being overly cautious. Either that or it will be a very stressful start to the work week.
(Via New York Times / Gizmodo / BBC News / Krebs On Security)