Cyberattacks Expected To Spread Monday As Europol Fears Computer Systems Simply Won't Start

Tyler Durden's picture

Update: confirming our earlier report that Monday could get ugly for global computer systems, the WSJ writes on Sunday afternoon that cybersecurity experts are expecting another wave of computer-system attacks that encrypt files and demand ransom to unlock them on Monday, as companies and government agencies seek to restore normal operations and figure out the roots of the attack.

The attacks, which claimed over 200,000 victims in at least 150 countries, affect only computers running Microsoft Corp.’s Windows that haven’t installed the security patch that the company released in March, or the emergency patch it released for older Windows systems over the weekend. The problem is that it can take organizations, especially large ones, a long time to install these patches.


“I think there’s going to be a lot of infections Monday morning,” said Ofer Israeli, chief executive of Tel Aviv-based cybersecurity firm Illusive Networks.

“Time will tell how quickly people are going to patch their systems.” If the answer is "not fast enough", what started off as a modest crippling of global Windows-based systems could become a full-blown global paralysis.

* * *


There was a silver lining in what has been dubbed the "world's biggest ransomware attack" - it struck on Friday mid-afternoon (in Europe), just as businesses were winding down for the weekend, and as a result the full impact of the forced system shutdowns would not be fully felt over the weekend when businesses and infrastructure are generally operating at a subdued pace. However, with the weekend coming to a close, the full extent of the inflicted damage may become apparent in just a few hours.

That was the warning by Europol Executive Director Rob Wainwright, who said on ITV’s “Peston on Sunday” broadcast that additional disruptions are likely as people return to work Monday and turn on their desktop systems, and as a result the "unrivaled" global cyberattack is poised to continue claiming victims.

Speaking to ITV, Wainwright added the attack was indiscriminate across the private and public sectors.

“At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

“We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before -- the global reach is unprecedented,” Wainwright also said. He also said that organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.

As we reported on Saturday, the initial attack was halted when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.” Microsoft said in a blog post Saturday that it was taking the “highly unusual” step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.


As the WSJ confirms, the attacks could worsen on Monday morning because of how the virus works.

The virus contains two parts. One is the ransomware, which locks the computer files and displays a message saying that the files will be locked and eventually destroyed unless the user sends payment over the internet to the hacker.


The other part is known as the "spreader." Once the virus makes its way onto one computer--perhaps when a user opens an infected email attachment--the spreader transmits itself to other computers on the network.


The British researcher, who wishes to be identified only as MalwareTech, found a kill switch in the spreader. The spreader was designed to contact a web address to see whether it should further spread itself, but hackers hadn't bought that web address. So MalwareTech did, and effectively stopped the virus's spread. It meant that one computer in a network could be infected, but the worm wouldn't spread to the rest of the network.


Cybersecurity experts expect the latest versions of the worm to have no kill switch for the spreader. So when workers return to the office Monday morning and turn on their computers, they might open an infected email attachment or connect an already-infected laptop to their organization's non-security-patched network and spread the worm.
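The kill-switch behaviour described above can be turned into a triage check over DNS logs; this is an added example, not code from the article or the WSJ. A host that looked up the kill-switch address ran the spreader, and whether the lookup resolved shows whether the check could succeed. The domain is a placeholder because the article does not name it, and the log format and host names are constructed.

```python
"""Triage resolver logs for lookups of a worm's kill-switch domain."""
from collections import defaultdict

# Placeholder: the article does not name the address. Substitute the real
# indicator from your threat-intelligence source.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample log: "<timestamp> <client> <qname> <rcode> <answer>"
SAMPLE_LOG = """\
2017-05-15T08:01:12Z ws-014 intranet.corp.example NOERROR 10.0.0.5
2017-05-15T08:02:40Z ws-014 killswitch-placeholder.example NOERROR 203.0.113.10
2017-05-15T08:03:05Z ws-022 KillSwitch-Placeholder.example. NXDOMAIN -
2017-05-15T08:03:09Z ws-022 killswitch-placeholder.example NXDOMAIN -
2017-05-15T08:04:00Z ws-031 updates.vendor.example NOERROR 198.51.100.7
malformed line
"""


def parse_line(line):
    """Return (client, qname, rcode), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, client, qname, rcode, _answer = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return client, qname.lower().rstrip("."), rcode.upper()


def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each host that queried the kill-switch domain to a verdict."""
    rcodes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == domain:
            rcodes[rec[0]].add(rec[2])
    verdicts = {}
    for host, seen in rcodes.items():
        # Assumption drawn from the article's description: the spreader stops
        # only if it can contact the address, so a failed lookup means the
        # kill switch did not protect the rest of the network.
        if seen == {"NOERROR"}:
            verdicts[host] = "spreader ran; kill switch reachable"
        else:
            verdicts[host] = "spreader ran; kill switch NOT reachable, isolate first"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```

A resolver or proxy that blocks the address produces the second verdict, because the contact check the article describes then cannot succeed.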

There was some good news: with the attackers having tipped their hand on Friday, allowing countermeasures to be implemented, about 97% of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. As reported on Friday, at the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

“There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,” Rudd said, as cited by Bloomberg, in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

Meanwhile, according to Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies, victims have already paid about $30,000 in ransom so far, with the total expected to rise substantially next week. Robinson, in an interview by email, said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands. The number, which is likely a conservative estimate, will only embolden the hackers to become even more aggressive in their next attack.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

According to Bloomberg, last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

On one hand, it is probable that the weekend gave many companies the opportunity to prepare for the next ransomware attack: "While any sized company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack."

Even so, it does not explain why some of the world's biggest corporations were so strikingly unprepared for Friday's events. 

A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.


Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s U.K. car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.


In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.


Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.


Indonesia’s government reported two hospitals in Jakarta were affected.

Meanwhile, the latest anti-Russia narrative is growing.

"There is a high probability that Russian-language cybercriminals were behind the attack," said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs. “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.” In retrospect, what more convenient confluence of events could there be than having a handy justification for Q2 GDP missing again - just blame it on the computer virus - and accusing Russia of being responsible for the latest global slowdown.

Haitian Snackout's picture

6 letter anagrams for Windows......Disown & Widows    "  Lookin good Billy Ray! "

HoserF16's picture

All kidding aside, this could be the excuse "They" need to launch their "Banking Holiday..." Hegelian Dialectic at work here.

ThunderStruck's picture

Here's the permanent solution to shit like this. Track them down, send in the hit squad, break the door down and shoot them all right between the eyes where they sit. Problem solved. Take pictures, post them on the internet and ask, who's fucking next?

hutnela's picture

The reason it doesn't happen that way is because "they" tend to have a problem tracking down the right people 100% of the time. Then Mr. and Mrs. John Q. Innocent sit down to Sunday dinner and get their brains splattered all over the good china. I get where you're coming from, but due process is (was until NDAA) a constitutional right so we can make sure we catch and punish the right person.

pine_marten's picture

Are they blaming the Russians yet?

pine_marten's picture

If they figure out how to queer Android there will be trouble.

smacker's picture

Most of the articles about this viral worm suggest that people will become infected with it simply by turning on their computers. This would only happen to those on an internal LAN where one of the PCs is already infected. The WSJ chart clearly says that initial infection is via an e-mail which either has a document attached to it or far more likely a fake URL to click.

I'm surprised it isn't spread by an auto-executed script inside the e-mail which will do its work just by opening it.

Nevertheless, anybody who clicks on dodgy Links in an e-mail from someone they don't know is asking for trouble.

ToSoft4Truth's picture

Wow.  Never thought I'd be so lucky to see the Melt Down.


We are special. 

Omega_Man's picture

attack shit coin

Yen Cross's picture

 My RIG is ready for  puny assclown cyber snowflakes!  Bring it bitchez, and you're going to get tracked, with or without encryption.

jabhagsb's picture

I can already hear politicians calling to ban bitcoin

ToSoft4Truth's picture

Where are the NSA Tools?  Don't you guys want in? 



Kprime's picture

My ole Kaypro lugable, with dos 5.0 and a 14.4K modem will have them crying in their beer by the time they get connected to use their hidden virus.  Can they run in 64K of ram?

Borg, "You will be assimilated"

Me, "take my Kaypro,"  A:\moveshit to B:\, reading, reading, reading, reading, writing, writing......

Borg, "oh hell no, get the fuck off our ship"

ZH FNG's picture

Great post K!

I actually had a Kaypro 2 in the early 80s. Loved how they marketed it as a "portable" simply because it had a handle. Had nothing to do with the size or weight. (-:



Avichi's picture

All ready HAVE MY POP CORN AND SODA T-3 hours, hope these Europeans start work around 9:00AM local time , you know they are socialist .

Linglishboy's picture

you must be 300 pounds after eating all that popcorn for 3 years for nothing

Linglishboy's picture

you must be 300 pounds after eating all that popcorn for 10 years for nothing

Avichi's picture

....Love it all the retail trader are screwed by the time they start their trading platform, Hmmm what is it SHORT EURO OR SHORT YEN?

Avichi's picture

Looks like few people are not looking at the BIG PICTURE, Check what is going on in the "New Silk Road" and the charade by CHINA saying they will invest few Billion dollars, they fully know that it is a SHAM, they know they could use the "BITCOIN" as a mechanism to siphon out the gravy...start thinking the dynamics....of the nations supporting and not supporting, you will get the idea.

esum's picture

I thought the $11 fix ended this ...???

Perhaps congress needs to get some NSA people to "splain this"
Of course no heads will roll cause D.C. Is one big circle jerk...

they should track down the preps and leave them in the gutter face down...

az_patriot's picture

This is SUCH bullshit.  What is this, 1995 all over again?  Most computers in business and corporate environments are left running 24/7 so they receive updates and are properly serviced by IT departments.  Also, IT departments usually work weekends, especially if there are issues.  The "news" article is retarded.

Xena fobe's picture

The graphic also is misleading.  This is not a phishing attack. 

Twee Surgeon's picture

 I wonder if this could turn into a Negligence Class action Law suit for Microsoft ? If Ford or Chevy built and sold cars but refused to build replacement brake Pads, they would be Sued into the history books.

Microsoft built and sold all this gear, my old XP laptop was fucking great, now it's sitting in a stack in the closet with some other dead gear, I might need it for a doorstop if it gets breezy.

They sold the stuff and it was purchased in good faith. They should be obligated to back up their shit, not just say, OOps, We are making some new stuff and you might as well shitcan all that stuff you spent thousands of dollars on because we can not be bothered maintaining a small team to update to now, for as long as possible.

It is just Blackmail basically, the NSA needs to know all your stuff so we have got to fuck you and we need to sell some new shit to keep the Wall Streetys interested.

Abbie Normal's picture

WinXP was replaced in 2004 with Vista.  Using your car analogy, try walking into any dealership and demand warranty work on your 13-year old car.

onmail1's picture

US govt forced Microsoft (& others) to have backdoors
so that CabalA$$lickerObamma could fckk u any time

the time has come

Megaton Jim's picture

Anyone want to bet that the attacks are from Israel?!?

KuriousKat's picture

“Working through our Microsoft Threat Intelligence Center (MSTIC) and Digital Crimes Unit, we’ll also share what we learn with law enforcement agencies, governments, and other customers around the world,” Smith wrote.


Go away you shared too much already!

Herdee's picture

One of the biggest threats to society is today's cybersecurity as mentioned by James Rickards. IF in the future it hits hard on the electrical grid, banks, ATM's, gas stations and grocery stores it will create panic in society, so watch out. Remember one thing, people say "I got money in the stock market, my money is with so and so", Jim says "No you don't you own digital electrons." You have electronic digits that aren't even in your name and most likely today to be in a corrupt banking system that only has a derivative of the actual security. What will happen to you if there's a global reset in the monetary system and there's a "Bail-In?" Same thing, you'll be locked out of your digital access and dependent on a group of lazy ass government workers who serve corrupt politicians who will take all your digital assets and give you a useless long-term government bond. We'll pay you back later when we fucking feel like it. Just like they did when they confiscated Americans' gold, you'll get shafted by your so-called federal buddies in Washington, D.C. who are nothing but useless teats on a boar who suck tax money off of your cheque every two weeks.

Manipuflation's picture

Good thing I was too busy riding motorcycle.  I rode today with someone I have ridden with before and scored some weed.  There you go.  You can't beat that.  I didn't even smoke any yet but I will my brothers and sisters. 

I met someone later whom I helped fix his bike.  Didn't charge him.

You see, it is a lifestyle. 

Sure as fuck ain't Wall Street.

I am going to go smoke up some of that dope now. :-)  God bless all of you.  You know that I am on your side.

Deep In Vocal Euphoria's picture

heard it was weapons of mass destruction back then. now it's hackers.


more security less freedom....the world is going into darkness

Deep In Vocal Euphoria's picture

What will they install for us this time? First it was patriot act then TSA NSA DHS.....sigh....i see only darkness in the future

Truthseeker20's picture

False flag against bitcoin. A true threat to dollar and any other fiat currency.

Drop out's picture

Oh, I guess the US government should have an internet killswitch after all! /s

Manipuflation's picture

Wait a minute.  I think smoking weed in Minnesota is illegal.  That will stop me...........   Hey state, take your laws and shove them up your ass.  What are you statist fucks going to do about it?   I don't know that guys name.  I really don't.  

Damned right my ZH brethren.

bshirley1968's picture

We could say it was Apple since only MS was infected.  Just as good as any conspiracy out there. 

Anyone else notice how a bunch of these web "security" outfits are headquartered in Israel?   Hmmmm.

ExploitedCitizen's picture


Nothing gonna happen, stock market will rally on Monday.  ATM's will work, banks will keep on stealing your money.  People will keep buying useless junk they don't need.  Another day, more useless fear.

Manipuflation's picture

Since marijuana is such a "gateway" drug then why am I not rushing to smoke up?  I do want to get high but maybe tomorrow?  I smoked one hit in 2017 because you don't want to get out of of control.  I smoked one hit in 2016 because I was obviously out of control.  

I have a drug abuse problem though, I am sure, according the state.  I am sure they have a "solution".  

I am always the asshole.

hoytmonger's picture

It's currently 1:15 am EDT here.


When's this shit going to happen?

Avichi's picture

...Ahhh cannot wait for the DUD to fall in T-150 minutes from now.."FAKE NEWS" HEADLINE FROM TOMORROW:









Twee Surgeon's picture

Very big letters to draw attention to your comment, that is some sophisticated stuff you have going on, can I use your method or did you get a Patent on that ?

Montana Cowboy's picture

You got to wonder if this is a bankster attack on BTC. If this virus shuts the web down, everyone will be taught a lesson in BTC vulnerabilities. Such atrocities could never happen to real money issued by central banks. Then there is the ransom demanded in BTC - a good reason to assert that standard package of terrorist crap and push to shut down BTC. They gain two shutdown approaches with one false flag event. And who was it again that developed this virus and had it stolen from them? Hmmmm.

pump and dump's picture

This why I use linux. And its free. I like free.

Debugas's picture

no problems here on monday

they should watch less pr0n at europol