An audacious global cyberattack that affected large institutions and companies in 150 countries has brought in nearly $53,000 in ransom payments since it took place last Friday.
The malware, known as WannaCry or WannaCrypt, hit around 75,000 computers, with countries such as the U.K., the U.S., Russia, Spain, France, Japan and Taiwan infected after a flaw in Microsoft Windows was exploited. According to Forbes, the exploit used, known as EternalBlue, was a leaked National Security Agency (NSA) tool that hacker group Shadow Brokers had dumped earlier this year. However, while Microsoft released a patch for the flaw on March 14, it appears that many organizations running older versions of Windows, such as XP, failed to install the patch, leaving them vulnerable.
The cyberattack, which started in London, hit the U.K.’s National Health Service (NHS), with many hospitals sending patients away amid reports that countless organizations in Britain had been targeted. In England, 47 NHS trusts had issues, while 13 NHS organizations in Scotland were also targeted. As of today, seven of the 47 trusts in England are still facing serious issues with their IT systems.
Russia, considered the worst hit, had 1,000 computers at the Russian Interior Ministry frozen, according to Russian-based security firm Kaspersky Lab; Ukraine and India were the next worst affected.
Microsoft, which has called out governments for storing data on software vulnerabilities that could be accessed by hackers, said in a statement:
This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.
The ransomware presents a text file demanding $300 in bitcoin for the release of locked files. The victim is shown a payment countdown timer, and if the $300 hasn’t been paid within three days the ransom doubles. After seven days all files will be deleted with no option to recover them. Just recently, Bitcoin suffered a drop in price, which is reported to have been caused by the cyberattack.
Since May 12, when the cyberattack was first reported, bitcoins have been pouring into three accounts used by WannaCry’s latest version.
At the time of writing, 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 had 75 transactions worth just under 11 bitcoins or $19,400; 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw had 67 transactions amounting to 11.5 bitcoins or $20,000; and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn had 60 transactions with 7.7 bitcoins, totaling $13,500.
The latest transactions have all taken place today. A kill switch was discovered by 22-year-old British cyber expert Marcus Hutchins, who registered a domain name used by the malware and so prevented it from spreading, yet he believes the crisis isn’t over and that people ‘need to update their systems ASAP to avoid attack.’ Going by the name of Malware Tech, Hutchins published a blog post after the cyberattack detailing the process that led him to discover the kill switch. He’s now reportedly working with the U.K.’s Government Communications Headquarters (GCHQ), a British intelligence and security organization, to prevent another cyberattack.
Of course, until systems are patched and a solution is found, many organizations either have to pay the ransom or risk losing access to their files forever.
Troy Hunt, Microsoft Regional Director, expects the ransoms paid to go up.
Regardless of the kill switch, many machines remain infected and if there’s a 3-day window of payment before the cost escalates, you’d expect plenty of people to be holding off for a bit. It’ll be interesting to look at those Bitcoin addresses in another 48 hours.