New Variant Of "WannaCry" Virus Emerges Infecting 3,600 Computers Per Hour

Tyler Durden's picture

Update: according to the latest data from Check Point Software, cited by Reuters, a new variant of the WannaCry ransomware is now infecting on average 3,600 computers per hour.

* * *

Governments and companies around the world began to gain the upper hand against the first wave of the unrivaled global cyberattack this morning.

More than 200,000 computers in at least 150 countries have so far been infected, according to Europol, the European Union’s law enforcement agency. The U.K.’s National Cyber Security Centre said new cases of so-called ransomware are possible “at a significant scale.”

"For now, it does not look like the number of infected computers is increasing," said a Europol spokesman. "We will get a decryption tool eventually, but for the moment, it’s still a live threat and we’re still in disaster recovery mode."

The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts warned the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.”

“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” wrote the researcher, who uses the Twitter name @MalwareTechBlog.

“So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”

But the world is still digging out...

Europol executive director Rob Wainwright told Britain's ITV television on Sunday that the attack had been "unprecedented". "We've never seen anything like this," he said.

In China, "hundreds of thousands" of computers were affected, including petrol stations, cash machines and universities, according to Qihoo 360, one of China's largest providers of antivirus software. The malware affected computers at “several” unspecified Chinese government departments, the country’s Cyberspace Administration said on its WeChat blog Monday. Since that initial attack, agencies and companies from the police to banks and communications firms have put preventive measures in place, while Qihoo 360 Technology Co., Tencent Holdings Ltd. and other cybersecurity firms have begun making protection tools available, the internet overseer said.

French carmaker Renault said its Douai plant, one of its biggest sites in France employing 5,500 people, would be shut on Monday as systems were upgraded.

At Germany’s national Deutsche Bahn railroad, workers were laboring under "high pressure" Monday to repair remaining glitches with train stations’ electronic departure boards, a spokesman said.

In Japan, Hitachi Ltd. said that some of its computers had been affected.

In South Korea, CJ CGV Co., the country’s largest cinema chain, said advertising servers and displays at film theaters were hit by ransomware. Movie servers weren’t affected and are running as normal, it said in a text message Monday.

Indonesia’s government reported two hospitals in Jakarta were affected.

About 97 percent of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. At the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

As Microsoft's president and chief legal officer, Brad Smith, said in a blog post Sunday:

"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," Smith wrote.

"The governments of the world should treat this attack as a wake up call."

And waking up they seem to be...(as Axios notes)

President Trump's homeland security adviser, Tom Bossert, said that Friday's global cyberattack is something that "for right now, we've got under control" in the U.S., reports AP:

"Bossert tells ABC's 'Good Morning America' that the malware is an 'extremely serious threat' that could inspire copycat attacks. But Microsoft's security patch released in March should protect U.S. networks for those who install it."

"Microsoft's top lawyer has criticized U.S. intelligence for 'stockpiling' software code that can aid hackers. Cybersecurity experts say the unknown hackers behind the latest attacks used a vulnerability exposed in U.S. government documents leaked online."

"Bossert said 'criminals' are responsible, not the U.S. government. Bossert says the U.S. hasn't ruled out involvement by a foreign government, but that the recent ransom demands suggest a criminal network."

However, new variants of the rapidly replicating malware were discovered Sunday. One did not include the so-called kill switch that allowed researchers to interrupt the malware's spread Friday by diverting it to a dead end on the internet.

As Bloomberg reports, Matt Suiche, founder of United Arab Emirates-based cyber security firm Comae Technologies, warns that a new version of the ransomware may also have been spreading over the weekend.

About 50% of machines that would have spread the infection by the second variation of the malware have Russian I.P. addresses, according to Suiche.

Over 40,000 machines appear to have been infected by the second variation of the malware already.

Ryan Kalember, senior vice president at Proofpoint Inc., which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files, but other, more malicious ones will likely pop up.

"We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," Kalember said.

bobdobolina's picture

Can't believe that this is all caused because NSA is hoarding these types of exploits. Talk about government overreach! As a citizen I never agreed to any of this, which is why I'm stockpiling and trusting literally NO ONE

Rich Stoehner's picture

This is turning out to be internet AIDS

espirit's picture

Odd that Canada and a large portion of China were unaffected.

securitized-debt's picture

she was a waitress in a cocktail bar now she owns a jet... http://bit.ly/2jdTzrM

IRC162's picture

IT weaponry is cool, but just wait until USA gets a taste of their own drone technology!  I'm sure they will cry about how unfair it is for others to employ such "tools", being the world's unelected police force and all...

jcaz's picture

Oh, if Homeland Security says they've got it covered, then it's all good......  BUWHAHAAHAAAHAHAH!!!!!!!!!!!

hedgeless_horseman's picture

I ran a critical systems check this weekend:

  • Body fit to run 6 miles in one hour - check
  • Hand pump on well - check
  • Katadyn pocket water filters are working, clean, and lubricated - check
  • Food storage caches are dry, sealed, free of pests - check
  • Rifles are zeroed at 100 meters - check
  • Rifle plates and carriers inspected and free of damage - check
  • Ham radios, NVGs, Thermals, and portable solar chargers are working - check
  • Teeth floated and hooves trimmed on horses - check
  • Dogs, kids, and wife are mad, bad, and dangerous - check
BuddyEffed's picture

I sure as shit hope this doesn't destabilize any countries or corporations or monetary systems or contribute to or lead to any social disorder.

Instead of Qui Bono, who would be to blame?

What additional measures should be put in place to keep backdoors from destabilizing hospitals, banking, etc?

Should all backdoors be patched out and eliminated?

Maybe this has moved to the point where there is more potential for harm than good.  Maybe there was always more potential for harm than good.

I like my running water and electricity on demand and sewage and garbage pick up and food distribution functional.

pods's picture

As long as they can keep using this to scare people and demonize Russia, they will never work with OS manufacturers to fix all these holes.  Just too much capital to burn for such a lowly purpose as helping us.

pods

Joe Davola's picture

There was a flaw recently found which was deemed quite dangerous (https://krebsonsecurity.com/2017/05/emergency-fix-for-windows-anti-malwa...) which was fixed in a very short time.  I can't imagine how they managed to test the fix thoroughly enough 'over a weekend' to deem it safe (and flaw free) in that short a time span.

a Smudge by any other name's picture

Kinda reinforces my suspicion that "anti virus firms" are a scam. They had how many months since Vault7 was released? Apparently they spent the time playing foosball and pounding down the Diet Shasta.

11b40's picture

If you had been keeping up with Windows updates, you already had the patch. Malwarebytes premium users are safe, too. Not sure about free versions.
Your point is well taken though. These back doorways should have been immediately patched, and there should have been way more publicity about the whole issue.

mdr attitude's picture

Stop sticking your fingers in every internet hole.

You'll be fine then.

a Smudge by any other name's picture

Why would I keep up with Windows updates? I wouldn't let a M$ machine in my shop.

seek's picture

Many AV people by their own admission agree -- AV isn't the way to secure things anymore. Symantec even came out publicly three years ago saying so. By definition they will always be behind the threat rather than ahead of it.

Best bet is to not use an OS known for its security problems and sticking to proven software. And not having users that are complete idiots, but this last one is a pipe dream.

Pft's picture

Who do you think creates and distributes these viruses?

jaxville's picture

  I had a ransomware attempt on my business computers.  Came from an American university. I forget which one.

  A businessman I know got hit but he has a separate computer for emails.  Just threw it away. He told me that the ransom message was in English and Russian.  He used google translate to convert the English message to Russian.  It was identical to the ransom demand.  Anyone who knows how translators work would get it. 

Insurrexion's picture

Good question.

1. So, we are to "believe" the random Brit, with a random domain set-up story... or

2. Why-the-fuck wasn't Windows XP Op 'safe' before last Friday? Why no news if it was unsafe?

Perhaps the same page in the same Chaos Manual that nailed Bin Laden on 911 so "quickly."

Inside job Peeps.

Lore's picture

This seems to be another scaremongering false-flaggy hype-fest, preying on public ignorance, like we saw with Pig / Bird / Chicken Flew / Zeka, et cetera. This time, your "vaccination" is the handy-dandy ready-just-in-time Windows Update, which by updating renders your system more vulnerable to cloud-based computing against your will, with all the enhanced potential for central control and privacy-breaching that goes along with it. 

This is GOOD NEWS for Microsoft. Think of the extra money being spent now on hardware upgrades and new user licences. We're talking about the OS rolled out by a company run by a known depopulationist, remember?  This is the online equivalent of HERD MANAGEMENT by the GATE[s] KEEPER. 

Coming soon: WINDOWS "MOOOO" (Mu, 12th letter of the Greek alphabet)

Lumberjack's picture

If it all goes down, I will miss the commentary here, but the good news is that people will have to think for themselves again for a change. Used to be you navigated using a map. If gps goes down millions of folks will be lost. Just make sure you get off the road before them newfangled driverless cars and trucks go bugfuck, same goes for aeroplanes n trains.

N all them tee totalin baptists were worried about y2k!

Countrybunkererd's picture

I like running water and all that too.  But you do realize that this is the FIRST exploit in a potentially very long chain of events courtesy of the NSA.

CheapBastard's picture

As long as it does not affect EBT cards and Netflix, things will be fine.

Took Red Pill's picture

Just wait until it hits nuclear power plants

new game's picture

so taking score it would seem oil, electricity then networks got humanity by the balls or short hairs.

so let me evaluate: got bike, check. got candles and potted water(well), check. and fuk the net, phone and all the losers tethered to it. check...

garden planted, check. cash, stash and lead, check. out of the zombie reach, check. neighborhood plan with country folk, check.

so i could give a trillion flying fuks about all this cyber shit. fuk the corporation anyways...

long live the hackers, kudos to them, my kinda people. disrupt the deep state, next, and a special thanks to liberty heroes like wikileaks founder and the nsa defectors on the run...

unicorn's picture

Britain's nuke subs run Windows XP...
https://www.privateinternetaccess.com/blog/2017/05/prudent-ask-britains-...

at least the blow up will be adequately filmed by one of the 100 000 cameras, that were installed for your safety /s

BuddyEffed's picture

Has the owner of the newly registered domain had any offers to purchase that domain yet?
I'm willing to offer a million dollars for it.

Payable at a rate of a dollar a year for a million years.

peopledontwanttruth's picture

That's what I like about coming here. While our own minds race on scenarios you always miss something. Didn't think of that nightmare

ConnectingTheDots's picture

Nuclear power plants would not be stupid enough to use MS Windows for their operations.

Or would they?

syzygysus's picture

^ this.  we are in for "may you live in interesting times" kind of future...

Lore's picture

Stuxnet was reportedly used to target Iran's nuclear centrifuges back in 2010. 

US was 'key player in cyber-attacks on Iran's nuclear programme' (Guardian.com)

Hackers made Iran's nuclear computers blast AC/DC (Verge.com) <-- That would piss ME off

Semi-employed White Guy's picture

It would depend on which song. If it's some Bon Scott stuff, I'd like it. But if it's any of the Brian Johnson material (same song with 100 different names) no thanks!

roddcarlson's picture

It only destabilizes Windows users. Windows is a virus, use Linux and these issues will forever disappear.

roddcarlson's picture

At very minimum I'm right because Linux users are just more intellectually aware and curious. Two because it's a protected kernel where I actually think twice about entering root password. Three because of all the variants of Linux it becomes very much hard to target all versions of it. Whereas Microsoft is always the same code base and installer and majority version too so good luck with that one. The biggest fault insecurity is the scripts that inside a modern webbrowser. That isn't something I'm totally immune from either, that is visiting a bogus site that is open to festering criminal scripts. Sure I have script blockers but it's no guarantee that my privacy is guaranteed. I've caught many bad scripts of generally benign sites, but still there are limits to the damage that can be done. Yes anyone can develop say code into the Linux code base, it's not bullet proof say a bad actor for the CIA introduces methods into a an algorithm of the Linux code base. Suppose they have this inside man be some upper level administrator that allows the branched code to be merged. Well let's assume this obscurity goes unnoticed for some time. That however, doesn't mean that everyone is using that version. And the idea that with 100's, 1000's, even 100,000's of other software eyes peering over the malignant code that it can remain undetected for very long. So no it's not absolutely immune, but I again I don't have the kind of nightmares I used to have with Windows. It's been the best investment I ever made to leave Windows behind. Well I still use virtualboxes when I absolutely have to develop around it or use a specific software. Overall, Windows is a proprietary virus. Oh and the whole Gates story like Facebook Zuckerberg/Musk story, is another Joo media fantasy (laughs). Only Gentiles have to wait until middle age like Ford to start getting enough knowledge, and capital to actually make big things happen. 
Jews though just use the Juminati, printed dollars bills, their great Uncles/grandparents the Rockefellers and Rothchilds, the government as a customer, and finally their lying media to create a sensation of a Doogie House industry titan (laughs). The whole thing just a big B.S. storyline along with their virus laden works. Thank God for open source, it's the one area where Mystery Babi hasn't totally usurped the average man in being able to resist in technology. Anyone using a handheld? Most likely linux or unix code base. Generally the things are nearly immune to Goober but obviously not always if they allow anyone to install root software.

a Smudge by any other name's picture

Short retort: yes there are viri that target Linux, yes cryptolocking ransomware exists in Linux and Vault7 contains hacks for Linux, Solaris, BSD and others.

So yer WRONG boss. But you can keep spreading false confidence if you want.

roddcarlson's picture

The only boy genius story of an industry titan I might buy is the story of Steve Jobs. Here though the guy was pretty much immoral as a Turkish bloodline following the "Mud" Talmud Jew in cheating and using his fellow developers. In the end the guy probably was hospitalized and removed from power after rebuilding the capital so they could have their gay Jew take over. That's the way it works in Mystery Babylon. If you aren't Howard Hughes and a bit paranoid of these people when you have money and power you are in deep trouble. In fact money and power brings these antichrist even if you are paranoid, the easy buck that can be taken by Mud "Talmud" reasoning is like a magnet to iron. These people are attracted to their own lies of greatness. But anyway, yeah Microsoft is a big pile of doo doo. Only the undereducated utilise it as a main operating system.

land_of_the_few's picture

Jobs was half-Syrian AFAIK? You can see this in his face actually, looks somewhat like a Syrian intellectual.

Of course, his stepfather was an awesome character and a great influence, too.

New_Meat's picture

Buddy:

"What additional measures ...?"

Well, don't use XP no more, that'sa start.

you_are_cleared_hot's picture

C'mon God, you know you want to hit that button...go ahead, push that button.

HardAssets's picture

Hey, I like camping and 19th century history.

Take this cesspool down !

< The > Black Swan ?

rccalhoun's picture

super large ego to attract friendly fire------check

ATM's picture

You should zero your rifles at 200m. 

hedgeless_horseman's picture

You should zero your rifles at 200m. 

Not if the optics have a ranging reticle zeroed at 100m, like ACOGs.

DaNuts's picture

I have iron sights, up a bit, up a bit more and hope for the best.

pods's picture

Little Kentucky Windage thrown in and you are all set.

pods

new game's picture

nothing beats practice and confidence that comes from that...

make some noise bitchez!