Convinced that a lull in a computer offensive that has stopped car factories, hospitals, schools and other organizations in around 100 countries was only temporary, businesses around the world scrambled to prepare for a renewed cyber attack after Friday’s global attack.
After the so-called "ransomware" locked up more than 100,000 computers, demanding owners pay to $300 to $600 get their data back, the pace of the attack by a destructive virus dubbed WannaCry slowed late on Friday.
"It's paused but it's going to happen again. We absolutely anticipate that this will come back," said Patrick McBride, an executive with cyber-security firm Claroty.
Mostly from cleaning corporate networks, infections so far would cost tens of millions of dollars, Symantec predicted. While predicting they would rise, one analyst said that ransoms paid so far amount to only tens of thousands of dollars.
With patches that Microsoft released last month and on Friday, companies rushed to protect Windows systems. In a rare and powerful feature that caused infections to surge on Friday, WannaCry exploited a vulnerability to spread itself across networks.
A hacking group known as the Shadow Brokers in March released on the internet a bug which is known as "Eternal Blue," and the was the code for exploiting that bug. It was stolen from a repository of National Security Agency hacking tools, the group claimed.
Though many security researchers say they believe they are in Russia, which is a major source of ransomware and was one of the countries hit first and hardest by WannaCry, the identity of the Shadow Brokers is not known.
They expect the computer code to be used in types of cyber attacks beyond extortion campaigns, including efforts to seize control of networks and steal data, said cber security experts, who have been on watch for months for an "Eternal Blue"-based attack.
They expect hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate, governments and private security firms said. And in order to make sure networks were protected with security updates needed to thwart Eternal Blue, businesses were prompted to call in technicians to work over the weekend. Following those expectations.
"It's all hands on deck," said Shane Shook, an independent security consultant whose customers include large corporations and governments.
He e is concerned infections could surge again on Monday, when workers return to the office and turn on computers,, said Guillaume Poupard, head of France’s national cyber security agency.
Asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security, the U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks.
It had observed 126,534 ransomware infections in 99 countries, with Russia, Ukraine and Taiwan the top targets, said security software maker Avast.
Only about $32,000 had been sent to bitcoin addresses listed by the extortionists in ransom demands that flashed on screens of infected computers, said Elliptic, a private security firm that investigates ransomware attacks.
"We expect this number to increase significantly over the course of the weekend," said Tom Robinson, lead investigator at Elliptic.
For companies, the total repair costs are likely to be in the tens of millions of dollars, Symantec researcher Vikram Thakur said.
"The expensive part is the clean up of the machine and restoring the encrypted data," he said.
(Source:www.cnbc.com)
After the so-called "ransomware" locked up more than 100,000 computers, demanding owners pay to $300 to $600 get their data back, the pace of the attack by a destructive virus dubbed WannaCry slowed late on Friday.
"It's paused but it's going to happen again. We absolutely anticipate that this will come back," said Patrick McBride, an executive with cyber-security firm Claroty.
Mostly from cleaning corporate networks, infections so far would cost tens of millions of dollars, Symantec predicted. While predicting they would rise, one analyst said that ransoms paid so far amount to only tens of thousands of dollars.
With patches that Microsoft released last month and on Friday, companies rushed to protect Windows systems. In a rare and powerful feature that caused infections to surge on Friday, WannaCry exploited a vulnerability to spread itself across networks.
A hacking group known as the Shadow Brokers in March released on the internet a bug which is known as "Eternal Blue," and the was the code for exploiting that bug. It was stolen from a repository of National Security Agency hacking tools, the group claimed.
Though many security researchers say they believe they are in Russia, which is a major source of ransomware and was one of the countries hit first and hardest by WannaCry, the identity of the Shadow Brokers is not known.
They expect the computer code to be used in types of cyber attacks beyond extortion campaigns, including efforts to seize control of networks and steal data, said cber security experts, who have been on watch for months for an "Eternal Blue"-based attack.
They expect hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate, governments and private security firms said. And in order to make sure networks were protected with security updates needed to thwart Eternal Blue, businesses were prompted to call in technicians to work over the weekend. Following those expectations.
"It's all hands on deck," said Shane Shook, an independent security consultant whose customers include large corporations and governments.
He e is concerned infections could surge again on Monday, when workers return to the office and turn on computers,, said Guillaume Poupard, head of France’s national cyber security agency.
Asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security, the U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks.
It had observed 126,534 ransomware infections in 99 countries, with Russia, Ukraine and Taiwan the top targets, said security software maker Avast.
Only about $32,000 had been sent to bitcoin addresses listed by the extortionists in ransom demands that flashed on screens of infected computers, said Elliptic, a private security firm that investigates ransomware attacks.
"We expect this number to increase significantly over the course of the weekend," said Tom Robinson, lead investigator at Elliptic.
For companies, the total repair costs are likely to be in the tens of millions of dollars, Symantec researcher Vikram Thakur said.
"The expensive part is the clean up of the machine and restoring the encrypted data," he said.
(Source:www.cnbc.com)