Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: Confirming our earlier report that Monday could get ugly for global computer systems, the WSJ writes on Sunday afternoon that cybersecurity experts are expecting another wave of computer-system attacks that encrypt files and demand ransom to unlock them on Monday, as companies and government agencies seek to restore normal operations and figure out the roots of the attack.

The attacks, which claimed over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.

 

“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based systems could become a full-blown global paralysis.

* * *

Earlier

There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright, who said on ITV’s “Peston on Sunday” broadcast that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and that as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV, Wainwright added the attack was indiscriminate across the private and public sectors.

"At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning."

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

 

As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.

 

The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.

 

The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.

 

Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.
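For defenders, the kill-switch lookup described above doubles as an infection indicator: any machine that asks for that web address has run the spreader. The sketch below is an added example, not code from the article, the WSJ or MalwareTech. It triages a resolver log to list those machines and flags the ones whose lookup failed, since on those the spreader would not have stopped. The domain is a placeholder (the article does not give the real address), and the log format and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder: the article does not name the kill-switch web address.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log. Assumed format for this example:
# <timestamp> <client_ip> <query_name> <dns_response_code>
SAMPLE_LOG = """\
2017-05-15T08:01:12Z 10.0.4.17 www.example.org NOERROR
2017-05-15T08:01:40Z 10.0.4.17 killswitch-placeholder.example NOERROR
2017-05-15T08:02:03Z 10.0.9.52 killswitch-placeholder.example NXDOMAIN
2017-05-15T08:02:04Z 10.0.9.52 KILLSWITCH-PLACEHOLDER.EXAMPLE. NXDOMAIN
2017-05-15T08:03:30Z 10.0.7.8 updates.example.net NOERROR
2017-05-15T08:04:10Z 10.0.2.99 killswitch-placeholder.example SERVFAIL
malformed line without enough fields
2017-05-15T08:05:00Z 10.0.4.17 killswitch-placeholder.example NOERROR
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)$"
)


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that queried the kill-switch name to a status.

    Every client returned here should be treated as infected.
    'contained'      : all of its lookups resolved, so the spreader's check
                       could succeed (DNS success is used as a proxy for
                       reaching the web address; that is an assumption).
    'spreading-risk' : at least one lookup failed (blocked, NXDOMAIN,
                       resolver error), so the spreader may have kept going.
    """
    domain = domain.lower().rstrip(".")
    rcodes_by_client = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _timestamp, client, qname, rcode = match.groups()
        # DNS names are case-insensitive and may carry a trailing dot.
        if qname.lower().rstrip(".") == domain:
            rcodes_by_client[client].append(rcode)
    return {
        client: "contained" if all(r == "NOERROR" for r in rcodes)
        else "spreading-risk"
        for client, rcodes in rcodes_by_client.items()
    }


def priority_order(result):
    """Clients to isolate first: spreading-risk hosts, then contained ones."""
    return sorted(result, key=lambda c: (result[c] != "spreading-risk", c))


if __name__ == "__main__":
    statuses = triage(SAMPLE_LOG)
    for client in priority_order(statuses):
        print(client, statuses[client])
```

A network that blocks or sinkholes unknown domains without answering them would put every infected host in the spreading-risk group, which is why the failed lookups are listed first.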

There was some good news: with the hackers having tipped their hand on Friday, allowing countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said, as cited by Bloomberg, in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week. Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

 

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

 

In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

 

Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

 

Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack" said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

SandiaMan's picture

Anyone here get hit?

small towel's picture

Please infect the price-rigging algos.

BaBaBouy's picture

This could get Nasty...

Shyt, I hope Virtual Bitcoinz are safe...

Market Crash ??????????????

AltRight Girl's picture

Maybe they should hire some geeks, and not spend all budget to spy on law abiding citizens and their bank transactions.

Computer Researcher Stops WannaCry Ransomware Attack with $10 and Some Change


abyssinian's picture

Central banks and the Feds are behind these attacks, you want to know why? Cause none of their stock buying computers, none of their money printing computers are affected..... 

BaBaBouy's picture

WELL... We'll See IF the Paper GOLD Dumping BOTS are up and running Monday Morn...

38BWD22's picture

 

 

I think we should expect these kinds of attacks to get more frequent and nastier in the years to come.

*  *  *

The USA long ago should have hardened its systems.  

Great .gov planning...  /s

Countrybunkererd's picture

This is the very first punch in the match.  The tools are out there now and the "keys to the kingdom" have been stolen.  The keys never should have been made, but it is too late for that now.

a Smudge by any other name's picture

That's the worst part. The guys that make these tools knew it was only a matter of time before they get out into the wild. American firms are the first and most likely target for these exploits. So fellas what's plan B? Oh yeah no plan B. This was done for short term advantage and damn the consequences.

espirit's picture

 

Well, well, well.

 

An old saying about those that you aren’t allowed to criticize has rung true.

 

Yesterday, or the day before when the EternalBlue ransomware story broke, I posted a comment starting with “Cui Bono?… Critical thinking skilz required past this point”, and proceeded to list those actors from MicroSoft to WallStreet who were most probable to benefit from such a ransomware attack and the desired outcome utilizing some deductive reasoning.

 

That post had done well with many likes and no downvotes the last time I had revisited that thread, but has since disappeared from the article and my logged posts.

 

My hammer found that nail.

    

fleur de lis's picture

That gives the NSA, CIA, MI5, Mossad, etc., just enough time to erase the police files on all their sleazy friends.

Kotzbomber747's picture

So far it seems the usual tempest in a teacup/scaremongering that we've seen over and over. Y2K anyone?

It's ±2pm in Asia as I write this and everything seems to be running.

overbet's picture

And just like that they have their justification to destroy BTC.

bamawatson's picture

i agree

yet i still think bitcoin is a honeypot

also; though bitcoiners steadfastly choose to deny it; the U.S. irs has, in fact, set forth regs which, if enforced are both draconian and punitive

the few aware bc folks who have admitted i am correct, have only one response --- overwhelm irs with paperwork; 

good luck with that

https://www.youtube.com/watch?v=Uc5rar0GhIM

stacking12321's picture

Just because you're not aware of an alternate response doesn't mean it doesn't exist.

Stuck on Zero's picture

Here's how to protect yourself: Air-gap now. Protected Mode tomorrow.

2_legs_bahhhhhd's picture

My old 286 running 3.1 is running a bit slow, but it survived Y2K

Rusty Shorts's picture

I know where an old microsoft machine is still running windows 95 - dialup, at my old university lab....

Kotzbomber747's picture

Sure, I believe you that it's still "running," but what can you do with it these days?

HowdyDoody's picture

You couldn't browse ZH, that's for sure.

Shlomo Scheckelstein's picture

The digital sheckels are flowing in..

logicalman's picture

I don't think governments actually plan very much, other than how they can rip off the public.

They mostly respond to shit as it happens and bullshit from there.

BurningFuld's picture

I think you might want to boot with one of them there USB virus removal thingies.

Oldwood's picture

The only government plan is more control, so even when their plan fails and creates massive chaos they still win, as chaos is perceived as crisis and crisis is the wind beneath their wings.

adanata's picture

See Coen film "Burn After Reading". That's about .gov speed...

Urban Redneck's picture

That comment has to win the award for understatement of the year (so far...)

I heard a comment two days ago that proves that point, but it would actually scare people in its proper context.

The world really is always just one fat lard ass fuckup with a taxpayer pension away from a cataclysmic apocalypse now...

Koba the Dread's picture

The USA should have hardened its systems? Shoulda, coulda, woulda! The USA hasn't had a hard on since 1945.

John Law Lives's picture

***   SPAM ALERT   ***

Do not click on AltRight Girl's link.

AltRight Girl = diseased rhinoceros pizzle who uses multiple ids to SPAM here

aurum4040's picture

For those here who haven't purchased Ether and Ripple, the writing on the wall will not become clearer - BTC is going to be taken down by the TPTB with Ether and Ripple. It's glaring at you - don't simply stare back. Take what is rightfully yours by dealing yourself in....Long ETH and XRP.

Arnold's picture

I smell something smoldering on my Tesla roof.

phatfawzi's picture

this will be the end of bitcoin or any other cryptocurrency, the powers that be don't like getting hoodwinked. reminds me of that clip from the movie casino.

 

https://youtu.be/FobzsyKjzW8

j0nx's picture

It was ze russians. Man doesn't seem like they are ever going to tire of blaming the Russians. I'm gonna start using them as excuses for my failures too. Seems to work for everyone else. The NSA and Microsoft are to blame for this and should be held completely accountable via lawsuits.

Got The Wrong No's picture

So we get screwed again. Guess who will pay. 

Sudden Debt's picture

It was bad IT managers who didn't do their job and keep the networks up to date.

I would fire my IT guy on the spot and sue him if I were infected.

TheReplacement's picture

I find, working in the IT arena, it is usually business owners who make IT people bad.  Everything important has to be done late at night with no compensation to the IT guy who is giving up his personal life just so you wannabe jews can save a buck.

You want better IT?  Make allowances for it and be realistic on what that is going to cost you.

Sudden Debt's picture

Hey, I understand, my first server was 2500 euro's and suddenly my IT guys said: update it.

So the first bill was 180.000 euro's and that was just for 2 racks.

That's something that makes you think but I did it.

I believe if everybody has good computers, they'll be able to work faster also.

Everybody here has an I7, and my network is built with expansion in mind.

And my IT guy makes 65 euro's an hour, and he's not complaining. If he wants to work from home, he can do so. 

But IT guys can't just do what is asked. They need to be proactive and have communication skills to speak out loud when there's a problem or a possibility of a problem.

I know plenty of lazy IT guys who only react when you ask it to them a dozen times in a row.

And a lot of IT guys lie to you so they can be lazy. When they feel they know more about IT than you do... you're screwed.

So every year I do an external audit of my IT that reports to me.

Z-PiLL's picture

Know what you're talking about? Know how systems get infected?
Guess not. Mostly happens by dumb users clicking every freaking link/attachment they receive in email.

True, still a job for sys admins, they will have to pre-scan emails for spoofed links/malicious attachments.

1 big issue is that many critical systems run on old OS'es, but that's sometimes inevitable because the software they use is not compatible. Of course that shouldn't be an excuse but it's reality.
And as every admin knows: there seems to be no end to stupidity of some users.

PEBCAK! Problem Exists Between Chair And Keyboard

Sudden Debt's picture

That's the easy answer.

1. If a zip or exe passes the firewall, you're fired.

If you need to blame users because they clicked something you let through, it means that people trusted you and that was their biggest fault.

You're the worst kind of IT there is if you blame the users for that.

Z-PiLL's picture

Yeah well, might be the easy answer but sadly the right one as well. Anyone with experience in IT-support can tell you that.
It's not even that I blame them directly; how can I blame someone who's indifferent and unknowing about it.
There's a task for sysadmins of course, to "school" their users.
But.... it's not like this is something new, right? This has been going on much longer than this outbreak and one would wish people get wiser about it. Truth is: they don't care as long as it doesn't concern their own money/files that have been lost.
Let them lose a batch of, say, childhood pictures that haven't been backed up. That's the only way for some to learn (aka: the hard way).

Of course there's absolutely no excuse for IT admins not keeping their systems patched. But in company environments, where legacy software is used often (like the hospitals in the UK for instance) there's no easy/cheap solution. That all depends on developers/management... The first ones asking (lots of-) money and the latter ones rather spending it on other things than security.

CrankyCurmudgeon's picture

Also wrong. Updates and new programs are imported online these days. Your IT guy can't do his job on those terms.

saulysw's picture

You do your job well, nothing goes wrong, make it look easy -> "Why do we pay this guy?"

You do your job badly, stuff goes wrong, you look incompetent -> "Why do we pay this guy?"

Sudden Debt's picture

That goes for every department.

Sales goes bad: HE'S LAZY!

Sales goes well: It's the company that does the selling and the product sells itself

 

Marketing: sales goes bad: It's marketing who's doing a bad job!

Sales goes well: Marketing has an easy job

 

and it goes on and on. Everybody believes only their job is hard and everybody else has an easy job.

 

 

HowdyDoody's picture

You forgot

Sales go bad: Exec remuneration increases
Sales go well: Exec remuneration increases

mc225's picture

sounds like b.s., to be honest... overhyped or even manufactured 'crisis' as a pretext for draconian measures? maybe it's just too much zh on my part...

Paper Mache's picture

My thoughts exactly.  

Insurrexion's picture

You could be right (about this being B.S.)

Smells like a Reichstag Fire + more Russian conspiracy to kick in support for NATO reaction.