The malicious “ransomware” attacks that seized computers around the world Friday and locked up those systems are expected to worsen this week as millions of people return to work, forcing them to discover how hard they were hit, according to security analysts.
With much of the world still reeling from the digital breach that kept people from receiving hospital care, a second wave of what European leaders call “the biggest ransomware attack ever” could be devastating.
“They turn on their computers in the morning and find out if they were protected or not,” said James Barnett, a security expert at Venable and a retired rear admiral.
The software, which first affected Britain’s National Health Service before spreading to more than 150 countries, locked victims’ computers and threatened to delete their files unless they paid $300. It is aimed primarily at users of Windows XP, an older operating system for which Microsoft largely ended support in 2014.
Much of the potential damage from Friday’s attack was quickly contained by the efforts of a 22-year-old security researcher who goes by @MalwareTechBlog on Twitter. The researcher discovered that the unidentified attackers had mistakenly included a “kill switch” in their software that would allow the owner of a particular website to stop the attack. By paying around $10 to acquire the domain name, the researcher was able to thwart the malware.
But this victory could be short-lived, according to experts, since the software, known as WannaCry or Wanna Decrypter, is likely to change quickly and continue spreading in a slightly different form.
For IT workers and security researchers, the episode highlights the challenge of fighting an ever-changing enemy whose motives are rarely clear.
WannaCry is the most prominent example of a type of attack that analysts had predicted for 2017 after a substantial increase in such attacks last year.
“If you look at the biggest trends that all the security companies highlighted at the beginning of the year, ransomware was on all of their lists,” said Peter Warren Singer, technical director and member of the New America Foundation. He added that the intervention of independent researchers like @MalwareTechBlog highlights the benefits of supporting private hacking.
“If there is a lesson in this,” Singer said, “you want to activate security research and the exchange of information. You want good curiosity to unfold as much as possible.”
Among those who could wake up Monday to an unpleasant surprise are public officials, according to some analysts. Many public-sector computers still run Windows XP and may be vulnerable to the malicious software if IT administrators have not downloaded the appropriate security patches.
Some federal agencies have moved faster than others to retire Windows XP, said R. David Edelman, an Obama administration official who advised the White House on technology. How each agency has gone about updating its systems has depended heavily on the resources available.
“It is true that there are still systems in government that run XP,” Edelman said. “Some of them are almost certainly connected to the Internet; some of them could be further away, or they are not as vulnerable.”