Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: confirming our earlier report that Monday could get ugly for global computer systems, the WSJ writes on Sunday afternoon that cybersecurity experts are expecting another wave of computer-system attacks that encrypt files and demand ransom to unlock them on Monday, as companies and government agencies seek to restore normal operations and figure out the roots of the attack.

The attacks, which have claimed over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.

“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based systems could become a full-blown global paralysis.

* * *

Earlier

There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright, who said on ITV’s “Peston on Sunday” broadcast that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV, Wainwright added that the attack was indiscriminate across the private and public sectors.

“At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.

The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.

The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.

Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.
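
The spreader behaviour described above leaves two traces a defender can search for: DNS lookups of the kill-switch address, and one host opening SMB connections to many neighbours in a short time. The following Python sketch is an added example, not code from the article or its sources; the kill-switch domain is a placeholder (the article does not name it), the log formats, sample lines and thresholds are constructed assumptions, and TCP 445 is the SMB port covered by the March patch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

KILL_SWITCH_DOMAIN = "kill-switch-domain.example"  # placeholder: the article does not name it
SMB_PORT = 445                   # SMB over TCP, the service the March patch fixes
FANOUT_THRESHOLD = 5             # assumed tuning value: distinct SMB peers per window
WINDOW = timedelta(seconds=60)   # assumed window length
# Constructed flow records: "timestamp src dst dport"
FLOWS = (
    # a workstation sweeping eight neighbours on TCP 445 within eight seconds
    [f"2017-05-15T08:01:{s:02d} 10.0.0.23 10.0.0.{s + 1} 445" for s in range(8)]
    # a backup host touching five servers, one every three minutes
    + [f"2017-05-15T08:{m:02d}:00 10.0.0.50 10.0.1.{m + 10} 445" for m in range(0, 15, 3)]
    # an ordinary client: one file server plus web traffic
    + ["2017-05-15T08:02:00 10.0.0.40 10.0.0.5 445",
       "2017-05-15T08:02:05 10.0.0.40 192.0.2.80 443"]
)
# Constructed DNS query log: "timestamp client qname"
DNS = [
    "2017-05-15T08:00:58 10.0.0.23 Kill-Switch-Domain.example.",
    "2017-05-15T08:01:30 10.0.0.40 www.example.org.",
    "2017-05-15T08:05:12 10.0.0.77 kill-switch-domain.example.",
]

def smb_fanout_hosts(flows, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Map each source to its peak count of distinct SMB peers in any window, if >= threshold."""
    per_src = defaultdict(list)
    for line in flows:
        ts, src, dst, dport = line.split()
        if int(dport) == SMB_PORT:
            per_src[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for i, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window start forward
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:i + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def kill_switch_lookups(dns, domain=KILL_SWITCH_DOMAIN):
    """Clients that asked DNS for the kill-switch name (case and trailing dot ignored)."""
    return sorted({line.split()[1] for line in dns
                   if line.split()[2].rstrip(".").lower() == domain})

def triage(flows, dns):
    """Host -> list of signals, for hosts showing at least one spreader trace."""
    signals = defaultdict(list)
    for host in kill_switch_lookups(dns):
        signals[host].append("kill-switch-lookup")
    for host in smb_fanout_hosts(flows):
        signals[host].append("smb-fanout")
    return dict(sorted(signals.items()))

if __name__ == "__main__":
    print(triage(FLOWS, DNS))
```

In the sample, 10.0.0.77 looked up the address without fanning out, which matches the article's case of an infected machine whose worm did not spread further; a variant without the kill switch would show only the fan-out signal.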

There was some good news: with the attackers having tipped their hand on Friday, allowing countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said, as cited by Bloomberg, in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week. Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack" said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

mary mary's picture

Skynetsoft: okay, NSA, here's the gazillion dollars, in unmarked tens and twenties bitcoins, WELL DONE!!!!

. . . _ _ _ . . .'s picture

The new Pearl Harbour.

Ident 7777 economy's picture

 

 

ONLY if you're stuck at Xp or 7 ...

 

 

Lost in translation's picture

Hoping when I arrive at the work site tomorrow our server is infected and I can go home.

Ident 7777 economy's picture

Are you running Windows 10 at work?

 

Or, don't you know?

Joebloinvestor's picture

Just like the nasty shit that escapes Dugway lab on occasion and kills herds of sheep.

 

Or the CDC.

milking institute's picture

To whoever initiated this little adventure, you better hope the Russians don't find you first before everybody else. This is what happens to people that step on their interests: They, their families and ANY associates will.......well, not going to spoil the surprise for you except to inform you, THERE WILL BE NO TRIAL! lol   enjoy the rest of your day......

Volkodav's picture

     be sure busy looking....

     Russians honeybadgers this subject

Lost in translation's picture

I don't like "Inter"-anything.

To me, Interpol going away can only be characterized as a win.

Manic by Proxy's picture

Ergo, you don't like intercourse. Check.

Robert Trip's picture

It's payback time for all of the lazy fuckers who sit on their ass all day staring into various screens and imagining they are actually doing something useful.

Geeks have ruined our planet with their "tech' with the common denominator of their kind being they are all first class assholes.

Fuck all of you.

Cheers

Robert.

mary mary's picture

What?  Calling ME lazy?  Because I don't see anybody elseerrrrrrrrrrrrrrrrrrrzzzzgorp.2#*JMOOhelp***youreallydonthavetodothisdaveXNR...................:-)

SantaClaws's picture

I remember in the 1980s the greatest fear was someone sending you an unwanted fax.  Those were the days.

Trump apparently remembers those days, too.  He has said he distrusts computers and prefers couriers to email.   https://www.cnet.com/news/donald-trump-no-computer-is-safe-use-courier-r...     The only danger from couriers in NYC back then was that they had a bad habit of running into pedestrians at high speed.

any_mouse's picture

EuroPol? In addition to Interpol? And national police forces?

Moar police!!!

[In WDC take note of how many "police" entities patrol DC. My experience was in late 70's to early 80s. It must be many times worse today. Add in PMC for bonus points.]

It's a simple fix, made complicated only by MSFT's regedit.

Lock down ports 139 and 445. Unless you need to share everything on your XP PC with the world.

The specific ransomware cannot spread any further over the internet.

https://m.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

"Fortunately, a kill switch was included in the code. When it detects that a particular web domain exists, it stops further infections. That domain was created earlier today by a UK infosec bod, who spotted the dot-com in the reverse-engineered binary; that registration was detected by the ransomware, which immediately halted its worldwide spread."

Ident 7777 economy's picture

 

 

Have ANY of you geniuses NOTICED that this did not affect Windows 10?

 

Anybody?

 

Bueller?

 

 

WannaCrypt ransomware worm targets out-of-date systems

 

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomwar...

 

"Windows 10 PCs are not affected by this "

 

 

 

Ident 7777 economy's picture

AND 7 AND server 2008

 

It affects earlier SMB versions ... jeez. Don't you read?

 

 

RICKYBIRD's picture

I've told you before that Microsoft put out a "patch" for this problem last March. Windows 7 users who upgrade their free MS Security software were protected. There are upgrades daily.

Ident 7777 economy's picture

Not everyone has "updates" turned on, sonny. 

Twee Surgeon's picture

We pick our Updates carefully as many of them will Upgrade your ass to Windows 10 when you need it even less than you did yesterday.

It is a crying shame that the Monopoly can just use you like a doormat. Long, Rope Mfg's.

Volkodav's picture

    GW Control Panel 

    here it running W7  no problem

    get Kaspersky 

    Yandex search

 

    looks XP and non legit copies most problem

 

    master that help our law office systems

    uses self version stripped vista never a problem

    (degrees math and physics)

Volkodav's picture

    GW Control Panel   for block W10

Mother Fletcher's picture

Knock off your goddamned shilling for that piece of shit spyware OS!

Cordeezy's picture

Has anyone paid a ransom? Does the virus auto unencrypt every thing ?

www.escapeamazon.com

Able Ape's picture

Will it fry my 8" floppy drive?... Should I upgrade to 5-1/4 inch drives?...

Surveyor4Pres's picture

Nah.  Don't want a virus or malware?  Okay, just DON'T CONNECT TO THE INTERNET!

Ident 7777 economy's picture

 

 

YOU don't remember DOS boot sector viri do you .. 

Surveyor4Pres's picture

I was running the PC lab that had 20+ IBM PC's and 20+ Apple II's at a college in 1983.  I was also writing Assembly-language graphics engines for the Apple II at that time, and creating my own video games.

Perhaps you were doing things that you weren't supposed to be doing at that time.  Me, I was trying to make some $$$.

Ident 7777 economy's picture

Then WHY did I have to remind you about DOS boot sector viri?

 

We ran TI 990 minicomputers (to be replaced later by DEC VAXs) on our site talking to the CIC (Corporate Information Center) IBM 370's via SNA in the 80's ... the PCs with their limited capability came later. So there.

And I'll bet I crunched out more TI960 (used for machine control) and Z80 code (real-time data receiver app) in assembly than any 10 S/W engineers today. So there again. AND I was not sorry to see my Xerox 820 (ran CP/M) with dual 8" floppies go to the dump either ...

 

 

 

 

 

just the tip's picture

that was a very authentic movie.  jurgen prochnow gave a tremendous performance.

Twee Surgeon's picture

Watching it in German and reading the sub-titles is a gripping trip of a movie.

ParaZite's picture

Still working in the US Nuclear command, eh? 

The 8" floppy gave it away. 

 

hutnela's picture

My reel-to-reel system was compromised, damn those hackers, I had at least 600k of info backed up on there.

Duc888's picture

Windoze............hahahahahahahahahahahaha

Ident 7777 economy's picture

No.

 

ANYTHING older than WIn 10.

 

Geez 

RICKYBIRD's picture

You keep spreading this complete BS. Please stop.

Ident 7777 economy's picture

 

Dope - It's NOT BS if its true.

 

Go read the f'king story moron.

 

 

Dilluminati's picture

So I finished up this weekend, and here was the irony in all of this.  I ""BELIEVE"" that the android upgrade is breaking tethering on Samsung phones.  Here is the reason why I say this.  

https://www.google.com/#q=USB+icon+missing+phone+android+media+device

So I'm rebuilding this weekend and it's a focking ODYSSEY of epic junk, bad information, just BS trying to tether a phone which I have done since 2013 and then before that on a Motorola since 2010.  I have used Intellij to debug up against Android, used Google's tools etc.

I use the tethering infrequently however on long trips I allow the spouse to drive and I'm on Shredder chess, reading drudge, with a laptop.  Looks like Lollipop screwed the entire cellphone community up.  So not only did I have to rebuild the laptop but I probably have to reset my phone as well.  Running Kali and not tethering just isn't right.  But yeah I'll get in a traffic jam and spouse be driving and there Im at with Kali, tethered, on the internet.

My point is this, that the hackers didn't need to break anything, the large tech companies are doing fine by themselves.

idontcare's picture

Lollipop has had me tearing my hair out every time they update the damn thing.

Dilluminati's picture

Tap 7 times.. developer mode...  

It might be cable for me.

But yeah letting google off the hook and holding MSFT to light just seemed unfair.

 

Surveyor4Pres's picture

Ah, the distractions continue.  Well I guess the NK nuke situation wasn't distraction enough.  Now this.

Funny that the fact that this current crisis is the making of our own NSA will soon be overlooked, just as the actual content of the WikiLeaked Hillary Clinton material is covered over and forgotten about by the Commie-MSM, because TRUMP!  RUSSIA!  LOOK OVER HERE YOU IDIOTS!

After Binge-watching all 7 seasons of The Walking Dead, I've finally come to this horrifying conclusion:

The writers of The Walking Dead have effectively related to the viewer that Negan, who demands HALF OF ALL YOUR STUFF, else he kills you and your group, is equalled only by our own Federal and State governments that also demand half of all of your stuff, else they end you financially or throw you in jail, or maybe just take away your children.

Negan = Full Government Tyranny.  We truly are The Walking Dead.

Ident 7777 economy's picture

 

 

WHAT do you estimate is the existing Win Xp user base?

 

Win 7? (Not upgraded to 10)

 

So, in the US this could be quite inconsequential ...

 

 

Surveyor4Pres's picture

Does your pinky finger have a twitch?  Seems as though you like to hit the Enter key way too many times per sentence.

And I did not stutter:  The US government along with state and local governments, now take over 50% of everything you EARN.  That makes them NEGAN.

Ident 7777 economy's picture

 

 

. . . . . "WHITESPACE is your friend."

 

 

RICKYBIRD's picture

Please read the article with "Wannacry" in the title which is two articles below this one. BTW, your preference for Windows 10 makes the NSA, CIA, etc. very happy because they built "backdoors" into it. Who knows if the hackers don't already have them already too?

Ident 7777 economy's picture

STRAIGHT from the MS website, Cockybird - I'll take their word over some 'article':

--------------------------------

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-fo...

 

English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

 

 

HoserF16's picture

Silver to Da Moon tomorrow...

hutnela's picture

Isn't Friday afternoon a dead give away that this was a .gov job? That's usually when they like to execute their command and control propaganda protocols. Russia was hit the hardest, I doubt they did it to themselves, but I could be proven wrong by way of a patsy... then again maybe I'm just paranoid of everything govt.