Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: confirming our earlier report that Monday could get ugly for global computer system, the WSJ writes on Sunday afternoon that Cybersecurity experts are expecting another wave of computer-system attacks that encrypt files and demand ransom to unlock them on Monday, as companies and government agencies are seeking to restore normal operations and figure out the roots of the attack.

The attacks, which made over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.

 

“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based system, could become a full-blown global paralysis.

* * *

Earlier

There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright who on ITV’s “Peston on Sunday” broadcast, said that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV’s, Wainwright added the attack was indiscriminate across the private and public sectors.

At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning."

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual“ step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

 

As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.

 

The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.

 

The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.

 

Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.

There was some good news: having tipped their hand on Friday, and allowing hacking countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said cited by Bloomberg in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week, said . Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security expects calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

 

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

 

In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

 

Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

 

Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack" said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
edotabin's picture

See? The Russians did do it after all. I knew it was that Putin's fault!

More spending! We must spend on education.

Only misogynistic computers will be infected.

WillyGroper's picture

great global banking heist by tptb?

barysenter's picture

Thats yet to come, the next big push, surge, followed by strangling the money supply and raising taxes to steal everything "by the rules" of economic warfare.
END THE FED

Anarchyteez's picture

Is it possible the system gets so fucked up that BTC becomes impossible to pay with? Now that would be humorous.

stecha's picture

lmfao-same here ubuntu and slackware geek. funny how every windows disease is born on linux ands raised in a microsoft windows system..

barysenter's picture

Microft issued the service bulletin. Chalk up another expensive, preventable catastrophe to the graduates of the School of Preferred Outcomes, who again failed to operate in objective reality, with bogus KPIs, "staffing services", "saleswomen" and "fine print".
This is what authoritarian systems produce, folks. They own everything. They own YOU.
https://www.youtube.com/watch?v=P_Zqbg6QThg

Trucker Glock's picture

"Turn those machines back on!"

barysenter's picture

Oh no! The help can't read, write or do math! We can't bill! THERE'S NO EBT!!! Yeehaw!

Son of Captain Nemo's picture

Certainly can't wait for the market opening tomorrow morning with MSFT prominently standing out for the "EYE" to SEE with it's "direction"!...

Double that with a "Buttcoin" chaser!!!...

Son of Captain Nemo's picture

Prediction...

I see MSFT and "Buttcoin" hitting new highs by the close of the week!

BingoBoggins's picture

Will there be a declared holiday? memorial Day, the prequel

lakecity55's picture

Monday:

"Boss, my computer blew up"
"Good thing you called me! Mine blew up, too!"

J Jason Djfmam's picture

"Good thing you E-mailed me!"

847328_3527's picture

Is this the Black Swan?

lakecity55's picture

Should have kept their anti-virus up to date.

 

847328_3527's picture

gov employees are too busy with midget porn to be bothered with trivial stuff like that.

TradingTroll's picture

Many of those corporations still use XP. No patch.

And the author is surprised?

Consumers have two options:

1. Win 10 spyware
2. Win XP ransomware

You take your chances either way.

funkyfreddy's picture

Patch is available for XP now though.

 

 

847328_3527's picture
"No one saw this coming..." U.K. Health Service Ignored Warnings for Months

 

 

 

https://www.nytimes.com/2017/05/12/world/europe/nhs-cyberattack-warnings...

Dilluminati's picture

I bet Veterans Affairs is a focking gem also

 

ZeroPoint's picture

This is what you get for buying Microsoft products. A company that has long been complicit with the NSA and other alaphabet agencies in purposely weakening its products and keeping them compromised.

Just wait until the AMD and Intel CPU backdoors are found.

silverer's picture

Well, hell. They already were building malware right into the hard drive boards on something like 30% of the new hard drives. Seagate, WD, etc.. China is now building its own CPUs and hard drives, and writing its own code. Can't blame them.

loveyajimbo's picture

All of you Bitcoin sheep must be sweating through your panties about now... see how easy it is to fuck with anything online?  And if there are several major governments behind it... or the next one... you are even more SOL.  No offense.

shovelhead's picture

But they're rich...RICH I tell ya.

Chippewa Partners's picture

Mothers Day. Great day to plan your trip to Marfa Texas

coast1's picture

Months ago people in the know were saying the globalists will use a cyber attack to blame the collapse on...But they get bonus points, cause not only can they demonize Russia again, they can demonize bitcoin also...perfect plan?

 And, the bank run in Canada..I am trying to wrap my head around this but its not registering, too ealy in the morning maybe...But I heard that if a bank has 100 dollars in deposits, they can lend out ten times that much..Which they do, so how does it effect the situation overall?  not only are people taking their deposits, but the bank wont be able to cover the 1000 dollars? 

moorewasthebestbond's picture

I'm sure the CIA's whistleblower/mouthpiece (Snowden) will chime in on this.

Panic Mode's picture

So far I still manage not to use MS shite in my career. Those developers working for MS, I don't know how the fuck they managed create so much shite. Unusable slow turd with full of security flaws.

 

land_of_the_few's picture

We are fixing it for you presently, Sir, do not be bothering us so harshly.

oldschool's picture

Any link between this and the recent leak of CIA/NSA nasty internet tricks?  I have no idea, just asking those who might.

To Hell In A Handbasket's picture

How many Israeli based systems are effected, is the question? Unit 8200?

Internet-is-Beast's picture

Let us hope as few as possible since their software is in the most critical installations on which societies depend all over the world. That would be a real disaster.

shovelhead's picture

I just unlocked up my computer from a different ransomware.

It started out:

She was a cocktail waitress...

directaction's picture

Let's hope they shut down CNBC.
Permanently

south40_dreams's picture

It was better when they had comments. Most ripped the CNBC propaganda to shreds, which is probably why they quit, or surrendered

bardot63's picture

Viewer ratings did that years ago.  On my set, it comes in as a b&w test pattern.

Berspankme's picture

You mean it's still on the air?

theprofromdover's picture

so did anyone pay, and were they re-instated?

Dilluminati's picture

There is two types of payers.  Those who pay and do not disclose and those who pay and do!

Two articles:

Yahoo Says 1 Billion User Accounts Were Hacked

https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html?_r=0

Corporate Judgment Call: When to Disclose You’ve Been Hacked

 

Cyberattacks become more common, but relatively few get reported to the SEC 

https://www.wsj.com/articles/corporate-judgment-call-when-to-disclose-yo...

The cocksuckers!!

 

land_of_the_few's picture

I believe the deal is, you can pay if you like, and no, they can't help :D

J Jason Djfmam's picture

Wait until the defense system gets infected and they want all of the money or they will launch all of the nukes.

Dilluminati's picture

On a serious note: first cert 1996 win96, MCSD 2003, Security + CE, work major systems both as contractor and employee.  Patch management has become a f0cking nightmare.  And he vendors aren't helping much as they own the congress and donate and then tell those critters to suck their cocks and just write more bad legislation in respect to security and privacy.  Just google windows and upgrade and getting hosed or more factually "loop."  A stack with Oracle, IBM, MSFT, Java, PHP, certifcates, domains, and then a key piece of equipment is hosed due to a vendor issue.  I worked for MSFT as an evangelist in 2000 for Exchange, want to see a real f0cking nightmare? How about a active directory upgrade gone bad?  (queue up Unisys and DHS consolidation.)  Yesterday I had an Acer One 722 with 4 mem  & SSD go into loop on win10.  I keep that laptop for tethering pdanet and the atheros wireless for Kali, well anyway that required a reset and I secured the unit using Grub against the latest round of atatcks.  No amount of focking around would fix it, Hours upon hours to rebuild stupid PT laptop which I might use 5 6 times a year.  

My point is that a situation can occur where upgrading cannot be performed due to vendor mismatch.

Then the last upgrade and the next upgrade (forced time lapse) creates a scenario where the cumulative upgrade hoses the system.

So this entire narative that MSFT pumps out to the public about it is all about simply upgrading is BS.  There shit breaks.  And MSFT gets away with this by their EULA which reads: Not responsible for incidental, consequental real or imagined damages.

This article 10 ridiculous EULA proves that point.

http://www.makeuseof.com/tag/10-ridiculous-eula-clauses-agreed/

And there has been this recently:

Woman wins $10,000 judgment against Microsoft for forced Windows 10 upgrade

https://www.extremetech.com/computing/230794-woman-wins-10000-judgment-a...

But as a generalization I read the news about this hack and look at the larger picture and can only say that the reason why this is happening is great part becuase MSFT, Google, and other large tech companies wrote legislation exempting them from RESPONSIBILITY!

Just something to think about and why running free linux with only required daemons is the best recourse, at least your not paying for software that is insecure and can recompile the kernel to meet a corporate need.

Bartoli's picture

Business critical servers are not powered off on the weekends....hype alert.

quasi_verbatim's picture

MS chopping support for legacy portals has always struck me as invidious

chosen's picture

The fault is basically with Microsoft.  Microsoft only provides security patches to some products it sells, but not to others.   For example, it stopped security patches to XP three years ago.  Microsoft wants its customers to move to new operating systems, but many critical programs that work in XP, do not work in later versions.  What's about as bad is nobody knows if a program will work in a new OS, unless one moves to the new OS.   I imagine a large number of lawsuits aimed at Microsoft are in the works, and justifiably so.

PrivetHedge's picture

This hole has been around since XP, onviously the NSA were using it - they could have insisted Microsoft fixed it decades ago.

If our security services refuse to defend us we should not just then blame Microsoft.