Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: confirming our earlier report that Monday could get ugly for global computer system, the WSJ writes on Sunday afternoon that Cybersecurity experts are expecting another wave of computer-system attacks that encrypt files and demand ransom to unlock them on Monday, as companies and government agencies are seeking to restore normal operations and figure out the roots of the attack.

The attacks, which made over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.

 

“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based system, could become a full-blown global paralysis.

* * *

Earlier

There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright who on ITV’s “Peston on Sunday” broadcast, said that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV’s, Wainwright added the attack was indiscriminate across the private and public sectors.

At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning."

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual“ step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

 

As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.

 

The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.

 

The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.

 

Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.

There was some good news: having tipped their hand on Friday, and allowing hacking countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said cited by Bloomberg in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week, said . Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security expects calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

 

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

 

In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

 

Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

 

Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack" said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
sirsmokum's picture

NOPE. False flag. Illuminati confirmed.

Vageling's picture

Nope. But I use linux. Not that that is immune. Called my old man and told him not to turn his computer on. Downloaded the patches from MS, disconnected his internet and installed it. Only fools got what they deserve! Update your shit! And I know my father doesn't do it. 63 years old and strutting because he learned how to use one. I take care of my own! 

Oldwood's picture

I have been struggling for hours now attempting to download those MS patches without turning my computer on and still can't get it to work. It must be my connection....

sgt_doom's picture

Poor . . . poor . . . poor UK, those jackholes over there put there people in tremendous jeopardy because instead of directing funds towards cyber security (I hate that term too), they have continuously wasted all those funds "guarding" or hovering around the embassy of Ecaudor where WikiLeaks' Julian Assange is holed up!

Their fearless leaders were utterly, utterly irresponsible and should all be held accountable!!!!!

chicken_goose's picture

It's going to be an absolute shitstorm and I'll be laughing as I sit here using Linux. Also worth nothing that a lot of the back-end stock market systems run on Linux distros (mostly Red Hat but also modified Gentoo in the case of the NASDAQ) so they should be fine, but many of the front-end machines run on Windows so could be a shitshow on some of the exchanges if they get infected.

Sandmann's picture

What laptop do you run Linux on ?

bverheg's picture

You can run Linux on nearly every laptop. I am using a Dell XPS 13 now (really very good). I have been running Linux for 25 years now and I am exclusively using Linux since more than 20 years. Have always been connected to the net, and never used a virus scanner or whatever you call these things you need keep your Windows machine clean. I never used Windows, and never missed it. I just can not understand how professional institutions can keep their (often obsolete) Windows machines connected to the net.

edotabin's picture

I have created a phrase that answers your question. It is called being in a state of constant engagement. They insist on building structures on faulty foundations which, in turn, creates this state of constant engagement. Upgrade, escalate, dispatch, expedite, buy, more, new, better, blah blah blah. Make the damn thing right the first time and 90% of the issues will disappear.

How many times can Windoze be taken over by viruses? How much more money do we need to spend on education before we realize our kids are coming out dumb as rocks? How many more pills need to be over or unnecessarily prescribed before we realize that superbugs are popping up left and right which pose a serious threat to humanity?

Its quantity over quality. I say it is by design 100%

Sandmann's picture

XPS 13 - I hear good things

Arnold's picture

Much of the older card swipe is still on XP.
I was running it on my ten year old box, until the power supply crapped out a couple of months ago.
A little buggy but still chugging.

Live disk Linux on the old laptop serves its' master until death, now

OverTheHedge's picture

Linux will run on almost anything, especially older pc's with slower processors. You can run it from a CD or usb drive, if you want to test your computer without breaking anything.

I would recommend Linux mint, if you are new to it.

https://community.linuxmint.com/iso

Sandmann's picture

I am a SuSE fan but want to install on a laptop with webcam etc. I know it was fine with IBM Thinkpads of the T42 and T61 variety but want to think about modern rigs. I really like YAST

edotabin's picture

Others have answered.

I'd just like to add that if you use linux for everyday surfing on the Internet you will notice almost ZERO difference in your day to day computer operation. It will look extremely similar and function nearly identically.

Where you will see some differences is in the availability of some drivers etc.  95% or more of the hardware will work, it just may not work to its full potential like with Windoze drivers etc. This usually affects gamers etc. and not your everyday web surfing.

 

 

a Smudge by any other name's picture

Others are overconfident. The Vault7 release is brimming over with tools to penetrate all flavors of linux along with Solaris, BSD, Vax, HPUX, pretty much anything that runs anything.

I'm waiting to see if somebody starts grepping for some hack strings. How surprised will you be to find some of this stuff seeded in the distros themselves?

TVP's picture

True, but Linux is still better than Mac OSX, and Mac OSX is better than Windows.  

Only real solution is to use 2FA for as much as you can, and not only SMS 2FA but also universal 2FA from a hardware device where it is supported.  

A certain blockchain-based app called Maidsafe is in beta mode right now.  Once it goes live, it could solve a host of privacy/security issues.  In a nutshell, it holds your files in small bits across thousands of devices, similar to how the bitcoin network processes transactions through thousands of ASICs.  But until then there's only so much one can do.  

Oh and one more thing.  Ghostery reports a whopping FIFTY-ONE ad-trackers from Zerohedge right now.  If you wonder why the page lags sometimes, that's why.  I've never seen so many trackers on any other site, ever.  

emersonreturn's picture

thanks, i was wondering...sigh.  i love the tylers making money, love that the world loves ZH...but i need to update my adblock. 

Amicus Curiae's picture

Blur tells me only 12 trackers right now?

edotabin's picture

OS X is nothing more than a modified FreeBSD with a pretty interface stuck on top of it.

As for security in general, no lock is 100% safe. It just keeps the honest people out. People break out of maximum security prisons. Why would I think that any connected computer is 100% safe? It's just that they don't have a huge "Welcome Hackers" sign like Windoze does.

Vlad the Inhaler's picture

Correct me if I'm wrong but all people had to do was keep their Windows Update current and they would not have got infected.  Not that difficult, I have mine set to run every night at 3am.

BurningFuld's picture

Russia got hit so hard cause they all run stolen versions of Windows that do not update.

bigkahuna's picture

that then begs the question - would not MS benefit from screwing over all of those running unlicensed versions....

of course they are hitting some legit customers - but that has never stopped them before.

Insurrexion's picture

I am not an adherent of the Media/Democrap/Neocon bullshit blaming Russia for everything from ass sweat & bad burritos to poisonous Zantedeschia.

However, we secretly applaud this ransomware attack to bring the global system down.

And WTF...gangsters need to make money to pay the boss. They learned it from the bankers.

If Russia did execute this >congratulations comrades.

They needed to wack their own "stolen" Windows op. systems to:

1. Cover their attack net and deny their involvement.

2. Understand where their vulnerabilities were. Now they do and now they fix their vulnerabilities.

3. Fuck the CIA and NSA.

What's not to like?

 

Ballin D's picture

good way to end up with another virus... windows 10

AGuy's picture

"(mostly Red Hat but also modified Gentoo in the case of the NASDAQ)"

Wow I didn't think any large corps were using Gentoo! I hate RHL.

mc888's picture

I've never seen a Fujitsu PrimePower running linux.

OverTheHedge's picture

Wow! 55!

They just happened to find 55 new problems, suddenly, in the space of an afternoon? They never knew about any of these until now?

My word, but they are good! Handy to know that when in a tight spot, they can instantly diagnose, and FIX, so many different problems, all in one go, and test them inside and out to make sure that the fix isn't worse than the problem, and get it all issued and ready, all during a weekend.

My hat's off to Microsoft - they have really earned their money this weekend. Perhaps I should scrap my Linux, and go back to Windows -  I would feel so much safer!

a Smudge by any other name's picture

This has dumfounded me for years. You buy Microsoft operating sytems with your new computer and then you buy security software for it because they know it's a shit product. And somehow this is normal.

Would you buy a new car that had no brakes, seatbelts or airbags and then take it to somebody else to have this installed?

virgule's picture

I love this note at the end of the linked article:

Finally, users of Microsoft's anti-malware products, including Windows Defender and Microsoft Security Essentials should make sure that their engine is updated to version 1.1.13704.0. Older versions contain a highly critical vulnerability that can be easily exploited by attackers to take complete control of computers.

So...basically, MS AntiVirus allows hackes to take control of your PC? LOL

Rusty Shorts's picture

Yeah, I've been running an old MS DELL unit for about 8 years now, came with a pre-installed anti-virus program which had to be re-purchased each year. I never paid for it again after the first year...hardly any problems since I got rid of the AV program...if my pc starts getting sideways I just do a system restore and keep on trucking .no problems.

HRClinton's picture

55 fixes, just like that?

Did Baghdad Bob release that statement for MS?

HowdyDoody's picture

You missed the obligatory - 3 used by Russian cyberspies.

No mention of the 140 (or whatever) used by NSA/GCHQ/Mossad

Trucker Glock's picture

"Microsoft fixes 55 vulnerabilities !!!!!!!!!"

Only a 140 to go?

Stan522's picture

Or... it will belike the Y2K fear....

joeyman9's picture

My son tells me it only hit xp and xp based systems, that microsoft had already patched the flaw in all other versions of their computers; is this true?

Dilluminati's picture

You go out of band in that patching, I had a laptop off sine last nov, tried to upgrade and HOSED!

And there are companies out there with complex systems stepping on their dicks and lip and no matter how much they spend hosed.

It's a focking joke what MSFT has created and the terms and conditions of their spyware, this should be an article about how we focking arrived at this destination the journey of MSFT writing legislation to arrive society where we find it today and who liked it this way and why interests of privacy and national security were ignored?

The cocksuckers

Sandmann's picture

What is the bet that Word docs are the trigger ?

espirit's picture

+1

I wouldn’t take that bet, as I’ve also noticed a correlation.

 

land_of_the_few's picture

Wouldn't exactly trust PDFs either ....

Steroid's picture

Can Microsoft be sued for collaborating with the NSA?

What is the SOP when a whore is raped?

nightshiftsucks's picture

Let the whole steaming pile collapse.

Seasmoke's picture

This is Only a TEST. This is Only a TEST. Now back to our regular programming.

Truthseeker20's picture

False flag to go after bitcoin. Also, the overvalued stock market will have excuse to crash.

TradingTroll's picture

Why not go after electronic money and the cloud? If the system is so unstable.

These viruses will only get worse.

flapdoodle's picture

As esprit said, "cui bono?"

A good rule of thumb - never do things for only one reason...