Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: confirming our earlier report that Monday could get ugly for global computer systems, the WSJ writes on Sunday afternoon that cybersecurity experts are expecting another wave on Monday of computer-system attacks that encrypt files and demand ransom to unlock them, as companies and government agencies seek to restore normal operations and figure out the roots of the attack.

The attacks, which have claimed over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.

“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based systems could become a full-blown global paralysis.

* * *

Earlier

There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright, who said on ITV’s “Peston on Sunday” broadcast that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and that as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV, Wainwright added that the attack was indiscriminate across the private and public sectors.

“At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.

The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.

The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.

Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.
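The kill-switch check described above also gives defenders a triage signal: any internal machine that looked up that web address has run the spreader, and a lookup that failed means the switch could not fire on that machine. The following is an added example, not part of the original article or the WSJ report; the domain is a placeholder because the article does not name it, and the log format and sample lines are constructed.

```python
import re

# Placeholder: the article does not name the kill-switch web address.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in a hypothetical resolver log format:
#   <timestamp> client=<ip> query=<name> rcode=<NOERROR|NXDOMAIN|SERVFAIL>
SAMPLE_LOG = """\
2017-05-15T08:01:12Z client=10.1.4.23 query=www.example.org rcode=NOERROR
2017-05-15T08:01:40Z client=10.1.4.57 query=killswitch-placeholder.example rcode=NOERROR
2017-05-15T08:02:03Z client=10.1.9.12 query=KILLSWITCH-PLACEHOLDER.EXAMPLE. rcode=NXDOMAIN
2017-05-15T08:02:05Z client=10.1.9.12 query=killswitch-placeholder.example rcode=NXDOMAIN
2017-05-15T08:03:30Z client=10.1.4.57 query=killswitch-placeholder.example rcode=NOERROR
2017-05-15T08:04:00Z client=10.1.7.80 query=notkillswitch-placeholder.example rcode=NOERROR
malformed line without fields
2017-05-15T08:05:10Z client=10.1.2.5 query=killswitch-placeholder.example rcode=SERVFAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+rcode=(?P<rcode>\S+)$"
)


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: record} for every host that looked up the domain."""
    target = normalize(domain)
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or normalize(m["query"]) != target:
            continue  # malformed line, or a different (even look-alike) name
        rec = hosts.setdefault(
            m["client"], {"first_seen": m["ts"], "lookups": 0, "failed": 0}
        )
        rec["lookups"] += 1
        if m["rcode"].upper() != "NOERROR":
            rec["failed"] += 1
    return hosts


def prioritize(hosts):
    """Split hosts by whether the kill-switch lookup ever failed.

    Assumption taken from the article's description: if the address is
    reachable the spreader stops, so a failed lookup means the worm may
    still be spreading from that host. A successful lookup is only a proxy
    for reachability; both groups are infected and need remediation.
    """
    urgent = sorted(ip for ip, r in hosts.items() if r["failed"] > 0)
    halted = sorted(ip for ip, r in hosts.items() if r["failed"] == 0)
    return {"isolate_first": urgent, "infected_but_halted": halted}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for group, ips in prioritize(found).items():
        for ip in ips:
            r = found[ip]
            print(f"{group}: {ip} first_seen={r['first_seen']} "
                  f"lookups={r['lookups']} failed={r['failed']}")
```

Networks that block or sinkhole unknown domains at the resolver will show every lookup as failed, which is exactly the case where the kill switch offers no protection and patching is the only control.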

There was some good news: with the hackers having tipped their hand on Friday, and allowing hacking countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said, as cited by Bloomberg, in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week. Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack," said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

Arrest Hillary's picture

Bitcoin surges to meet ransom demands ?

Dodgy Geezer's picture

That's funny.

I distinctly remember paying the Security Services and Spymasters HUGE sums of money because they said the new computer world was dangerous and they needed to protect us.

Now, it seems, they have spent that money on attacking people, and let that weaponised code out onto the streets.  Can we have our money back, please?

jcbudmo's picture

Has it attacked Israel?

Nah, thought not.

elMente's picture

http://www.ibtimes.co.uk/global-cyberattack-full-list-countries-affected...

Assuming that the above list issued on last Saturday is mostly complete... you may be right, mane!

83_vf_1100_c's picture

  If everyone moved to a Linux distro then Linux would get hacked regularly. Windoze is the big OS and therefore the largest easiest target to hit. I run Win 7 with winloader to bypass needing that pesky 20 digit key that spazzed out if I swapped the wrong piece of hdwr. Run an av prog and malwarebytes.  No probs in a lot of years. Torrents are the riskiest thing I play with and anything I dl gets run thru my security progs. I am extremely critical of email. I'll delete an email if it looks the least bit flaky. So far, so good for many years.

silverer's picture

"...then Linux would get hacked regularly."

I always thought it was pretty cool that the Microsoft main website ran on Linux. Because it was better. I think Linux will always be better, because the focus is on the product, not on the revenue.

flapdoodle's picture

You are incorrect. "Everyone" HAS moved to a Linux distro - on their cell phone. It's called Android. WHERE are the worms and malware that should be propagating like wildfire on most of the world's cell phones? MOST OF THEM RUN LINUX under the hood. (Log into your cell phone sometime).

The old chestnut about MSFT software only being hit because it's more popular is bull shit.

But then again, it's a Darwinian thing - stupid people deserve an operating system for their computer too...

Mother Fletcher's picture

I have a separate computer for torrents. And I've used WATremover for testing trash computers for operability and  7 compatibility. MBAM pay-for-it version has saved my ass countless times. I get into a lot of questionable pr0n.

RawPawg's picture

all that constantly checking for MS Updates because i got bored with playing Solitaire so much

Finally Paid Off......(knocking on wood)

konadog's picture

"There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history," Rudd said cited by Bloomberg in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Really Jonathan? Would they be the same lessons that you learned from the Code Red computer worm that hit back in July 2001?  What, you don't remember that?  Well, allow me to refresh your memory.  That was when the ivy league elite inbreeds that run the world decided to dumb down IT and outsource it to third world countries with corrupt and lazy cultures and then pay themselves big bonuses for having such a fabulous cost cutting idea.

Sorry, Jonathan but there is no reason to believe that you or the rest of the ivy league inbreeds will learn anything - ever.

funkyfreddy's picture

The funny thing to me about all this is that earlier in the day on Friday there was brewing outrage about a HP laptop driver that included key logging software. Why was this funny? Because the version with the security back door was being pushed out by Windows Update. So in one security news story you have a reminder that Windows Updates aren't always good for you or your machines, then that suddenly gets superseded by a Patch NOW!!! news story.

Sanity Bear's picture

Sorry, but I don't buy it. The government seems way way way way way way way way way too interested in specifically having us turn on the Windows Update "service" that anyone with half a brain long ago turned off.

I call bullshit on this. The real malware is probably in what they're trying to get you to install voluntarily.

flapdoodle's picture

The Deep State has a "Windows Update" service plan for human beings as well.

It's called "mandatory vaccines" where yearly everyone must allow the Government to inject them with whatever the Deep State wants. Consider the endless possibilities - cancer agents de jour, nano-technology (this is how people will be "chipped" IMHO), mind control drugs, autism triggers, fluoride, poison, the sky is the limit.

It's really the same game and the same plan, and the mandatory part is already here in many states.

ProsperD9's picture

EXACTLY...!!!!!! This sounds more like an advertisement for the Windows update!

U4 eee aaa's picture

That planned obsolescence worked really well this time MSFT

U4 eee aaa's picture

You notice that MSFT was able to release a patch immediately. They just weren't interested in keeping computers secure because they wanted to force businesses to upgrade.

I've got to think that maybe a few lawyers would look at that angle. MSFT is more extortionware than the actual worm

silverer's picture

I blame the people that bought Microsoft products. It became clear a long, long time ago that the Microsoft OS was ripe for terrorizing. Knowing this, a buyer willingly takes the risk to use that junk. Microsoft was always more worried about maintaining control over their products than providing a secure, sound OS for the end user.

Ident 7777 economy's picture

ANYBODY running Win 10 is safe.

I guess you're not.

RICKYBIRD's picture

Anybody running Windows 7 who downloaded the free Windows security update treating this last March is also safe. 

RICKYBIRD's picture

I have F-Secure, which is a premier anti-virus and security software and identity protection. Check it out on Wikipedia.

ogretown's picture

The possible scenario as I see it - some short and disgustingly obese, basement-dwelling hacker ham-fists his way to creating a bug that allows him to add thousands of buttcoins to his stash.  Somewhere in his heart of hearts the Lardassian must know that even with his soon to be obscene amount of wealth his fat ass will NOT fit inside the luxury car of his dreams. The pimples will NOT suddenly fall off of his greasy face, nor will his double-chin magically disappear.  In the end, Dark OverTurd or whatever his laughable avatar is, will be a mere footnote in (current) history. 

Now imagine how history would have memorialized OverTurd if he had taken the time to go the extra mile and work just a little harder and instead of creating only a cheap (butt)coin magic trick and had developed something truly LEGENDARY...more lethal - a program that infected bank records and IRS records, wiping everyone's slate completely clean. A century from now, whenever the name OverTurd was said aloud, grateful people would pause, genuflect and make the sign of the cross.

turkey george palmer's picture

Lardassian... Chuckle

thanks for that.    

oncemore's picture

A nice script, a nice psyop from spy agencies in US.

Dickweed Wang's picture

WTF??  Hasn't any of those idiots heard about a "system back-up"??  That's IT management 101 for crying out loud!!  The last place I worked we had a 7 day running back-up for our systems and it was backed up every night.  This should be a no-brainer . . .

Ident 7777 economy's picture

Well, smarty, upgrade to Win 10 and THIS is not a problem.

IOW, Win 10 NOT AFFECTED.

Didn't you get the message?

truthordare's picture

Does anybody actually believe this shit?

Who stands to gain?

Perhaps Governments need to stop all encryption and outlaw Bitcoin.

Malware my arse.

mary mary's picture

How many times do I have to say this?

Some days, NSA is "Russia".  Some days, NSA is "Seventeen Security Agencies".  Some days, NSA is "Captain Kirk of the Starship Enterprise".  Some days, NSA is "Ransomware and Frankenstein, How May I Help You?"

Multiple personalities.  Schizophrenia.  Watch your MOVIES!  Depends on which pill NSA takes.  Sometimes NSA takes the wrong pill.  Turns its hair red.  How you tell.  3d-glasses help.

arby63's picture

Show me the damage. I don't believe shit anymore. Nada.

I Write Code's picture

What's a Europol?  Some kind of police auxiliary?  What do they know about it?

It's Europe Jake, and it's almost summer, nobody will be working until September anyway.

Aireannpure's picture

Hack the central banks, destroy all the data, problem solved. Me thinks the hackers are just getting "worm"ed up. Reset now.

ctrent33's picture

Is this how the jews will trigger the global financial collapse?

Truth makes u free analyst's picture

What makes some commenters feel untrackable "because they don't carry a smartphone"? The machine will be able to triangulate you directly, or most of your relatives' and kids' smartphones, which also will define you. Even probably redflag you as a "dormant" or intermittent relation.

We are all linked, to a very high degree, and past data remains recorded forever. And what the machine cannot access through public data or cameras... your niece will upload to facebook.

The day that The Machine stumbles across the killer app it will have the database full of our data, which we will not be able to access, let alone delete.

Including this.

Ident 7777 economy's picture

"We are all linked,"

YOU were "linked" back in the 1990's, you just didn't know it. In the cellular system switch at the MTSO your phone location as to cell and sector # WERE KNOWN any time your phone was on via "periodic registration."

HOW do you think they knew how to ROUTE A CALL TO YOU out there?

Wahooo's picture

It's time we put down the computers and got back to living. Let the viruses live on!

Hongcha's picture

What's the old DOS command?  {FORMAT}c:\*.*

Berspankme's picture

Seen a couple of the little piggies talking about the"kill switch" for internet. Must be planning a new heist of the people's money.

Berspankme's picture

Would be funny if one of these hackers distributed a virus purely on kiddie porn sites. Wonder how many .gov employees lose their computer?

az_patriot's picture

"I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning."

What a load of shit. What is this, 1995 all over again?  Most computers in business and corporate environments are left running 24/7 so they receive updates and are properly serviced by IT departments.  Also, IT departments usually work weekends, especially if there are issues.  The "news" article is retarded.

Mr Perspective's picture

"ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker."

"having tipped their hand on Friday, and allowing hacking countermeasures to be implemented"

Huh? didn't you just say their computers are locked? How did you distribute these "countermeasures"? 

Will Malware Tech, the anonymous twenty-something hero of the story get a medal? Yesterday he was estimating the number of infected computers. He must be fucking brilliant!  HOW DOES HE KNOW THIS?

"victims have already paid about $30,000 in ransom so far" HOW DO YOU KNOW THIS FOR CHRISSAKE?

How stupid or arrogant can you be to come up with this kind of hoax?  Then thumb your noses at everyone by showing pictures of the ransomware screen that reads IN ENGLISH all the bullshit instructions about your little game on a GERMAN computer. Yesterday it was pictures on an ITALIAN computer. IN ENGLISH. Guess there's a lot of non english reading people who are scratching their heads right now huh?

Not bright folks. Not the best false flag they've ever produced. 

"Long ago, the Tavistock Institute discovered man’s breaking point, which will be fully exploited on what is left of humanity: our boiling point comes when nothing works or makes sense."

Ident 7777 economy's picture

"HOW DO YOU KNOW THIS FOR CHRISSAKE?"

Uh .. look at the bitcoin chain (of custody)?

funkyfreddy's picture

Anyone know how this is initially getting into companies?

The only spreading mechanism anyone is talking about is the smb exploit - so if that's the only mechanism then it means all these companies had internet facing machines with smb ports open?

Or are there other mechanisms like the usual dodgy email attachment?

Ident 7777 economy's picture

e-mail.

Then it becomes a worm ... exfiltrates to any PC less than Win 10 via SMB (file sharing protocols) once on the company LAN

Duc888's picture

Um....yea, some bullshit called Windows.

green dragon's picture

what is the best way to test a Cyber weapon? Use the cyber weapon in such a way that you can deny accountability.

The attack sends a clear signal to China and Russia. It will also lead to new government spending in the western world.

WIN WIN for spooks!

Pft's picture

Follow the money. Who benefits?. Microsoft (upgrades), Bitcoin, Russian Hawks, anti-Ransomware companies.

US is absolved since their Vault 7 was stolen and can be used by anyone and curiously few reports of infection in US (unlike China and Russia and the UK which supposedly helped expose Trump's Russia connections). And of course it happens after Comey is ousted.