Spotlight: Huge ransomware cyberattack fades away, uncertainty remains

Source: Xinhua| 2017-05-16 16:18:47|Editor: xuxin
Video PlayerClose

BEIJING, May 16 (Xinhua) -- A widespread ransomware cyberattack that has affected about 150 countries worldwide appeared to slow down over the weekend, but uncertainty still remains.

According to the White House on Monday, less than 70,000 U.S. dollars has been paid in the ransomware cyberattack.

"We are not aware of payments that have led to any data recovery," White House Homeland Security adviser Tom Bossert told a daily briefing.

Bossert said the ransomware attack, known as WannaCry or WannaCript, has infected more than 300,000 machines in about 150 countries, but the good news is "the infection rates have slowed over the weekend."

Specially, no U.S. federal systems are affected, he said.

Bossert said the ransomware has three variants but patching systems can help protect against all these variants.

However, Australian cybersecurity experts warned Tuesday that the world is still at risk of being infected by the ransomware attack.

Simon Smith, cyber forensic expert and founder of eVestigator, spoke to Xinhua on Tuesday after Australian Federal Cyber Security Minister Dan Tehan announced that there had been 12 reported cases of the attack on Australian businesses.

"There is definitely a continuing threat. The problem is there are a lot of people who will copy this, even those 12 cases as people try to debunk and fix it, they could also possibly spread it," Smith said.

"There are definitely going to be opportunists who will make multiple versions. There have already been three versions," said the expert.

Nigel Phair, one of Australia's leading cybercrime experts based at the University of Canberra, told Xinhua that although the government has said there are currently 12 cases reported in Australia, there are potentially a lot more.

"If I was a business I don't think I would be reporting it, and there is a range of embarrassing commercial reasons why you wouldn't," said Phair.

In terms of the ongoing threat caused by the ransomware virus, Phair was explicit that this is not a situation that will likely end any time soon.

"It will be interesting how it pans out. If I was a criminal, I'd already have a couple of variants ready to go, based on the success of this one," Phair said.

Meanwhile, Vietnam Computer Emergency Response Team (VNCERT) under the Ministry of Information and Communications has urged organizations and companies nationwide to prevent possible attacks from WannaCry ransomware.

In a statement, VNCERT urged leaders of the central government, ministerial organizations, as well as companies nationwide to prevent and stop spreading of attacks by virus, reported local Bao Dau Tu (Vietnam Investment Review) online newspaper on Tuesday.

In Europe, the Irish government said on Monday there have been no further reported incidences of the WannaCry ransomware in the country.

But the government said it is still possible that further incidences will arise and a sustained period of vigilance will be required, both in terms of updating and patching software and monitoring equipment.

No WannaCry cyber attacks were reported in Cyprus on the first working day, Andreas Anastasiades, who leads the Cyprus Cyber Crime Police Unit,said on Monday.

Cyprus was one of the few countries that was not affected on the initial day of the attack on Friday, but authorities were wary about what to expect when government services and private businesses resumed work after the weekend break.

Dinos Pastos, a computing and security expert, said that the cyber-attack seemed to have slowed down worldwide, but warned that the respite might be brief as new versions of the worm could appear.

The WannaCry ransomware virus has rapidly spread across computer systems globally, including major countries such as Russia, China, Italy, Russia and Britain.

The ransomware attack is boiling down to a computer virus that makes users' computers useless unless a payment is made to those who hacked their system.

China's cyberspace authority Monday warned computer users to install and upgrade computer security software to avoid ransomware attacks.

Police and various government authorities have taken responsive measures against a global ransomware attack, and Internet security companies have also acted to provide increased security services, said the cybersecurity coordination bureau of the Cyberspace Administration of China (CAC).

About 18,000 IP addresses in China have been confirmed as infected with the WannaCry ransomware, according to the National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT).

India's central bank, the Reserve Bank of India (RBI), issued an advisory to banks on Monday, directing them to run ATMs only after updating their operating system to protect them from the ransomware attack, state-run broadcaster All India Radio (AIR) reported.

"ATM machines are seen as being vulnerable since almost all of them run on Windows software. Also over 60 percent of 225,000 ATMs in the country run on the outdated Windows XP operating system," the broadcaster said.

In India, 102 computer systems of the Andhra Pradesh police were hacked on Saturday and a Nissan Renault car plant production was halted because of the malware.

In Britain, many National Health Service (NHS) organizations have been hard hit by the cyber attack, with daily work being disrupted.

The head of Britain's National Crime Agency (NCA) said Monday that there is "no indication of a second surge of cases (cyber attacks) here in the UK," but that doesn't mean there won't be one.

"The NCA is leading the criminal investigation into the attack, but for operational reasons we cannot give a running commentary," said Lynne Owens, general director of the NCA, in a statement.

The NCA has provided guidance on how to avoid falling victim to the ransomware, and has sought collaboration with international partners.

"More than 150 countries have been affected, and we're in constant communication with international partners, including Europol, Interpol and the FBI and the collaboration has been strong and effective," said Owens.

It's a daunting task for authorities to catch the extortionists behind the cyber attack.

On Sunday, Microsoft slammed the U.S. National Security Agency (NSA) because vulnerabilities used for the attack was first discovered by the spy agency, but it chose to keep them secret until they were stolen and leaked.

"This was a vulnerability exploit as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government," Bossert argued, "This was not a tool developed by the NSA to hold ransom data."