Despite reports that the global cyber attacks have slowed down, security experts are still on high alert around the world, fearing there might be another wave of fresh strikes.
Experts said the threat had receded for now, in part, because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm’s spread.
“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec.
“The numbers are extremely low and coming down fast,” he disclosed.
But the attackers may yet tweak the code and restart the cycle. The researcher in Britain widely credited with foiling the ransomware’s proliferation told Reuters he had not seen any such tweaks yet, “but they will (happen).”
Europol’s European Cybercrime Centre said it was working closely with country investigators and private security firms to combat the threat and help victims. “The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” it said in a statement.
The global cyber attack, leveraging hacking tools believed to have been developed by the US National Security Agency, infected tens of thousands of computers on Friday in nearly 100 countries, disrupting Britain’s health system and global shipper FedEx.
Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The attacks came in the form of ransomware, a technique used by hackers that locks a user’s files unless they pay the attackers in bitcoin.
The malware’s name is WCry, but analysts were also using variants such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r.
The ransomware encrypted data on the computers, demanding payments of $US300 ($AU406) to $US600 ($AU812) to restore access.
International shipper FedEx Corp said some of its Windows computers were also infected. “We are implementing remediation steps as quickly as possible,” it said in a statement.
Nissan’s manufacturing plant in Sunderland, northeast England, was also affected by the cyber assault though “there has been no major impact on our business”, a spokesman for the Japanese carmaker said.
On Friday, Russia’s interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted. The interior ministry said on its website that about 1,000 computers had been infected but it had localized the virus.
The emergencies ministry told Russian news agencies it had repelled the cyber attacks, while Sberbank said its cyber security systems had prevented viruses from entering its systems.
Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted.
Only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe.
The US Department of Homeland Security said it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.
In Asia, some hospitals, schools, universities and other institutions were affected, though the full extent of the damage is not yet known because it is the weekend.
“I believe many companies have not yet noticed,” said William Saito, a cyber security adviser to Japan’s government. “Things could likely emerge on Monday” as staff return to work.
Other countries affected include Australia, Belgium, France, Germany, Italy and Mexico.