Ransomware may wreak more havoc as work week starts

New versions of worm expected; Asia may not have seen worst yet

The WannaCry ransomware worm hits governments and businesses across Asia and experts warn of a wider impact to come globally as employees returning from the weekend switch on computers and check e-mails.
US and European officials scrambled to catch the culprits behind a massive ransomware worm that caused damage across the globe over the weekend, amid fears it could wreck fresh havoc on Monday when employees return to work.
A programer showing a sample of a ransomware cyberattack on a laptop in Taipei, Taiwan, on May 13, 2017. PHOTO: EPA
Updated
May 15, 2017, 05:41 PM
Published
May 15, 2017, 05:00 AM

SINGAPORE/TORONTO • Technical staff are scrambling to patch computers and restore infected ones, amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools last Friday could wreak fresh havoc today when employees log back on.

"At the moment, we are in the face of an escalating threat. The numbers are going up - I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning," Europol director Rob Wainwright told Britain's ITV.

Today is expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet.

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing e-mails" or other as yet unconfirmed ways the worm may propagate, said Singapore- based security researcher Christian Karam.

In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician's error led to 12 kiosks being infected in Tiong Bahru Plaza and White Sands.

Director Dennis So said the systems were not connected to the malls or tenants' networks.

Mr Marin Ivezic, a Hong Kong- based cyber security partner at PwC, said some clients have been "working around the clock since the story broke" to restore systems and install software updates or patches, or restore systems from back-ups.

More On This Topic
Singapore malls, users hit in cyber attack

Microsoft released patches last month and last Friday to fix a vulnerability that allowed the worm to spread across networks.

But new versions of the worm - dubbed WannaCry ransomware - are expected, said cyber security experts, and the extent of the damage from last Friday's attack remains unclear. The latest count is over 200,000 victims in at least 150 countries.

Code for exploiting a cyber weapon called "Eternal Blue" was released on the Internet in March by a hacking group known as the Shadow Brokers. It claimed the bug was stolen from a repository of National Security Agency hacking tools. The US agency has not responded to requests for comment.

The malware hit Britain's National Health Service particularly hard, causing widespread disruptions and interrupting medical procedures across hospitals in England and Scotland.

When asked if the British government had paid any ransom in this situation, a Downing Street spokesman said last Saturday that it had not.

"Usually, ransomware attacks are designed to be revenue sources but, in this case, the ransom was quite low," Europol spokesman Jan Op Gen Oorth said.

In Germany, Deutsche Bahn faced "technical disruptions" with electronic displays at train stations, but travel was unaffected.

Other targets in Europe included Spanish telecom giant Telefonica, French car maker Renault and a local authority in Sweden, which said that about 70 computers had been infected.

In Asia, some hospitals, schools, universities and other institutions were affected. China National Petroleum Corporation petrol stations could accept only cash payments after the company's computer system came under attack, reported Shanghai-based Thepaper.cn.

A Jakarta hospital said yesterday that the cyber virus had infected 400 computers, disrupting the registration of patients and the finding of records.

Last Saturday, a cyber security researcher tweeting as MalwareTechBlog helped to limit the spread of the virus by registering a domain name used by the malware.

"Essentially, they relied on a domain not being registered and, by registering it, we stopped their malware spreading," @MalwareTechBlog told Agence France-Presse in a private message on Twitter.

REUTERS, WASHINGTON POST, AGENCE FRANCE-PRESSE

Related Stories
US, Britain blame Russia for 'NotPetya' ransomware attack
Most Maersk operations running after global cyberattack
Mystery of motive for a ransomware attack: Money, mayhem or a message?
A ransom message popping up on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after institutions were hit by a wave of cyber attacks yesterday. The new virus, which is spreading to many countries, has a fake Micr
New cyber attack spreads across Europe
Nato chief says cyber attacks could potentially trigger mutual defence commitment
Comparing NotPetya and WannaCry and tips on how to stay safe from ransomware
Singapore critical sectors, government not affected by NotPetya ransomware
Cyberattack reaches Asia and Australia as new targets hit by ransomware demand
China issues warning for new ransomware virus
Another large-scale cyber attack underway: Experts
Greater global cooperation required to fight cyber crime: China Daily
Hackers mint crypto-currency with technique similar to WannaCry 'ransomware' attack

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on May 15, 2017, with the headline Ransomware may wreak more havoc as work week starts. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top