Log in, look out: Cyber chaos may grow at workweek’s start

By Sylvia Hui and Christopher S. Rugaber, Associated Press

LONDON — Employees booting up computers at work Monday could see red as they discover they’re victims of a global “ransomware” cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.

As a loose global network of cybersecurity experts fought the ransomware hackers, officials and experts on Sunday urged organizations and companies to update older Microsoft operating systems immediately to ensure they aren’t vulnerable to a more powerful version of the software — or to future versions that can’t be stopped.

The initial attack, known as “WannaCry,” paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme so far.

Microsoft blamed the U.S. government for “stockpiling” software code that was used by unknown hackers to launch the attacks. The hackers exploited software code from the National Security Agency that leaked online.

The company’s top lawyer said the government should report weaknesses they discover to software companies rather than seek to exploit them.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” attorney Brad Smith wrote on Microsoft’s blog.

New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet.

Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch was able to spread but was benign because it contained a flaw that wouldn’t allow it to take over a computer and demand ransom to unlock files. However, he said it’s only a matter of time before a malevolent version exists.

“I still expect another to pop up and be fully operational,” Kalember said. “We haven’t fully dodged this bullet at all until we’re patched against the vulnerability itself.”

The attack held users hostage by freezing their computers, popping up a red screen with the words, “Oops, your files have been encrypted!” and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.

The ransomware attack was particularly malicious, because if just one person in an organization clicked on an infected attachment or bad link, all the computers in a network would be infected, said Vikram Thakur, technical director of Symantec Security Response.

“That’s what makes this more troubling than ransomware was a week ago,” Thakur said.

It hit 200,000 victims across the world since Friday and is seen as an “escalating threat,” said Rob Wainwright, the head of Europol, Europe’s policing agency.

“The numbers are still going up,” Wainwright said. “We’ve seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released.”

The effects were felt around the globe, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S. Britain’s National Health Service was hit hard, while Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported disruptions.

Chinese media reported Sunday that students at several universities were hit, blocking access to their thesis papers and dissertation presentations.

The full extent of the attack won’t become fully clear until people return to their workplaces Monday, for the first time after the attacks. Many may click infected email attachments or bad links and spread the virus further.

“It’s this constant battle,” said Ryan O’Leary, vice president of WhiteHat Security’s threat research center. “The bad guys are always one step ahead.”

The White House held emergency meetings Friday and Saturday to assess the global cyber threat, a White House official said Sunday. No details were disclosed. The official was not authorized to discuss the private meetings by name and requested anonymity.

It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press.

Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock during the weekend to monitor the situation and install a software patch to block the worm from infecting computers in corporations across the U.S., Europe and Asia.

“Right now, just about every IT department has been working all weekend rolling this out,” said Dan Wire, spokesman at Fireeye Security.

Businesses, government agencies and other organizations were urged to quickly implement a patch released by Microsoft Corp. The ransomware exploits older versions of Microsoft’s operating system software, such as Windows XP.

Installing the patch is one way to secure computers against the virus. The other is to disable a type of software that connects computers to printers and faxes, which the virus exploits, O’Leary added.

Microsoft distributed a patch two months ago that could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage.

“It’s one of those things, in a perfect world, if people were up to date on the patches, this wouldn’t be a problem,” O’Leary said. “But there are so many things to patch. The patch lists can be ginormous. It can be tough to tell which patch is important, until it is too late.”

Talk to us

More in Local News

25 years later, they still hope to find their daughter’s body

For her parents, detectives and prosecutors, it’s less a whodunit than a question: Where’s Tracey Brazzel?

Homeowner allegedly shoots, kills burglar in Everett

The homeowner, in his 70s, reportedly heard noise and confronted a burglar, in his 30s.

Boeing cutting more than 12,000 jobs with layoffs, buyouts

The company said it will lay off 6,770 workers this week, and another 5,520 are taking buyouts.

Everett man identified as victim of deadly gunfire at party

William Thomas Harper III, 28, was shot to death Sunday. His alleged assailant is jailed.

2 more sentenced in killing of Everett homeless man

Three people were involved in a robbery during which Michael Boone was tied to a tree and left to freeze.

Registration open for drive-thru virus testing in Snohomish

Tests will be administered Thursday at the Sno-Isle Libraries branch on Maple Avenue.

Worst jobless rate in the state: Snohomish County at 20.2%

In April, 91,383 were unemployed in the county. The aerospace sector was hit especially hard.

Everett killer sentenced to 43 years for fatal home invasion

Edmond Overton, 26, broke into a home and shot two men in October 2017. One of them died at the scene.

Seniors from Marysville schools mark accomplishment with parade

Hundreds of seniors are set to graduate from Marysville schools… Continue reading

Most Read