Cyber criminals who breached hundreds of thousands of computers worldwide with the “WannaCry” ransomware took advantage of holes in Microsoft’s Windows XP operating system, for which the tech giant dropped mainstream support.
The full extent of damage from the attack remained untabulated, but officials said old XP systems in use around the world, and at a few locations in the United States such as FedEx, were hit.
The attack began Friday when computer users found their files locked, with an onscreen message demanding payment of about $300 in the virtual currency Bitcoin, a process few consumers even know how to operate.
Agence France-Presse reported the damage was widespread, with systems hit in more than 150 nations. Victims included “hundreds of thousands” of computers in China, hospitals in Britain, Telefonica in Spain, Renault in France, FedEx, the train company Deutsche Bahn in Germany and many Russian government agencies.
Brad Smith, Microsoft spokesman, said in an online post over the weekend that he believes the criminals used code from the U.S. National Security Agency that was leaked as part of a document dump.
He said that when government agencies discover such vulnerabilities, the companies affected should be warned.
“The governments of the world should treat this attack as a wake up call,” he said.
Officials in Europe, where more of the attacks were reported, said they were working on a tool that would decrypt the lost files.
The London Telegraph said Russian President Vladimir Putin blamed the U.S., claiming Russia had “nothing to do” with the attack.
“Malware created by intelligence agencies can backfire on its creators,” he told a crowd in Beijing, where he was visiting.
The Wall Street Journal said, in a report from Paris, Madrid and London, that victims were just starting to add up the costs.
“By late Monday, cybersecurity officials said it had largely been contained, though governments and companies are likely to continue disclosing instances of infection for days or weeks as they get a better handle on the scope of the attack. Follow-on attacks are also possible,” the report said.
“We think the initial fire is put out,” Rob Holmes, vice president of products at Proofpoint Inc., a Silicon Valley cybersecurity firm that tracks computer worms via sensors in major corporations and telecom companies, said in the report. “The second thing is to make sure there’s no reignition of the fire.”
One guess from a risk modeling firm suggested the damage could total around $8 billion worldwide.
The Wall Street Journal said French car maker Renault SA shut down production at several auto plants across Europe over the weekend after being hit by the attack.
“It had restored all its plants except for one in France by late Monday, and expected that one back online Tuesday. A spokesman said the company would make up lost production and didn’t yet have a handle on overall financial costs.”
Microsoft issued an emergency patch for XP operating systems, even though it no longer fully supports them.
The ransomware appeared not to yield much money in return because few people know the ins and outs of paying through Bitcoin.
The National Post said while the crypto money is harder to track than ordinary payments, only about $50,000 appeared to have been paid.
Michela Menting of ABI Research said in the report: “The amount is indeed low. This is likely due to the fact that organizations have initiated their backup and recovery procedures.”
“Moreover,” the report continued, “for those who didn’t save their data on a separate system, paying a ransom isn’t like buying something from Amazon by entering their credit or debit card information. … The crypto currency is a black box for most people.”
“If you’re presented with something that says pay this amount in Bitcoin, most people don’t know where to start with that,” said James Smith of Elliptic.
To actually do business with Bitcoin, one has to register and be approved by an online exchange. Then funds are deposited that can be converted. In case there’s not a domestic exchange, people may have to convert their own currency to another nation’s before being allowed to convert that to Bitcoin.
Microsoft put the blame on the National Security Agency, not its own breached operating system.
Smith said in a National Public Radio interview that such “vulnerabilities” have shown up before in WikiLeaks, and “now this vulnerability stolen from the NSA has affected customers around the world.”
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he said.
Among those reporting damage was CJ CGV, one of South Korea’s largest movie chains. Spokesman Hwang Jae-Hyeon said its advertising server was unable to display ads before the start of films at 30 locations.