FIRMS and organizations across the Asia Pacific are bracing for a possible second wave of the large-scale ransomware cyberattacks that swept Europe and North America from Friday, as workers return to the office for the new workweek.
Over the weekend, some firms in the region reported incidents. According to Bloomberg, they include two Indonesian hospitals, The Japan Times publication and Australia’s Sky News. Bloomberg analysts also noted Chinese social media users complained of malfunctions at the payment systems of several gas stations.
Early Monday, The New York Times reported on other cases that have come to light – one on a private citizen’s personal computer in Japan, while Taiwan noted a hospital computer in New Taipei City had been compromised.
Russia was again at the center of a global hacking scandal. But this time, Russians were among the victims. https://t.co/tcKNPXnz8o
— The New York Times (@nytimes) May 14, 2017
According to the European Union’s law enforcement agency Europol, 150 countries have reported more than 200,000 incidents. The UK government’s cybersecurity division called it an attack of “a significant scale”, as reported by Bloomberg. Europol executive director Rob Wainwright told ITV ransomware had become a particular threat, but the widespread reach of this attack was a first.
The attacks have mostly centered on UK businesses and government organizations, notably the UK’s National Health Service (NHS), which resulted in hospitals turning away patients and surgery appointments as a safety precaution.
The malware largely affected computers running Microsoft, and the company has urged users of the operating system to download a patch to their units immediately.
The ransomware worm that began causing havoc around the world is going by a number of names, some of which include “WannaCry”, “Wanna”, or “WannaCrypt” – ransomware is particularly notorious for its stubbornness and the speed at which it infects computers.
WannaCry is a “highly virulent” “self-replicating”, multilingual computer virus that has been alleged to be based on a leaked US National Security Agency (NSA) cyberweapon, and is aimed at locking down computers until the victim has paid a ransom to the hackers, typically a sum of US$300 in bitcoin currency.
And people are paying up – according to some estimates, the hackers have amassed around US$30,000 in ransoms. Ransomware has proven to be especially lucrative for hackers, with some security experts valuing the market at as much as US$1 billion in annual revenue.
In a stroke of luck, the attacks screeched to a halt in the afternoon in the UK when a researcher, who goes by the Twitter handle @MalwareTechBlog, unwittingly activated a kill switch in the virus’s spread by taking control of an Internet domain that was “hard-coded into the self-replicating exploit”, as reported by Ars Technica.
The worst might still be on its way though, as laptops and desktops all across Asia Pacific are being turned back on for the new workweek.
@MalwareTechBlog warned on Twitter the version of WannaCry he managed to accidentally kill was only Version 1, and the second version would likely get rid of the kill switch loophole. He urged Twitter users to install the Microsoft patch the company had released a month ago on May 14.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
However, as netizens all over the the eastern half of the world begin to log onto their computers, the risk of the stronger strain of WannaCry spreading is worrying many security experts.
The New York Times consulted analyst Allan Liska who confirmed the latest version of WannaCry did not have the same kill switch and would likely cause even more harm.
Furthermore, the Microsoft patch will take time to implement – time many large organizations do not have.
The Trump administration has characterized the attack as much more complex than currently thought because “this code was cobbled together from many places and sources,” The New York Times reported an anonymous administration source as saying.
US President Donald Trump has ordered homeland security adviser Thomas P. Bossert to begin coordinating the country’s response, but the White House has also remained mum on the malware’s origins in the intelligence world.
Governments worldwide have begun buckling down.
Indonesian communication and information minister Rudiantara pleaded with the populace to remain vigilant against the malware while the Japanese police have begun looking into the matter. But already allegations are flying the ransomware worm got its start from Russian-language speakers.
Some experts say the use of ransomware is a kind of calling card for Russian hackers, and many recall the influence said hackers have been purported to have had on several elections in the last year or so. It’s an accusation that might not have any legs, especially considering the fact many actors in Russia too were hit hard.
In response to the attack, Microsoft broke with tradition and released security patches for older versions of their Windows operating system, including Windows XP and Windows Server 2003, which are largely unsupported. Before this, the company only offered support to paid versions of their software and in the interim have also complained about the many pirated versions of their operating system, which led to to the vulnerability of many units.
The government when they realize their systems are currently being pwned by exploits they helped write pic.twitter.com/qLzqKLDyl1
— MalwareTech (@MalwareTechBlog) May 12, 2017
The company has also lashed out against the governmental efforts to “[stockpile] vulnerabilities” in the cybersecurity realm.
In a lacerating blog, Microsoft president and chief legal officer Brad Smith cited leaks from the CIA and NSA, which have showed up on public forums such as Wikileaks, as well as the theft of the WannaCry exploit by a mysterious hacking group called the “Shadow Brokers”.
Smith pointed to the “emerging pattern” of governments harnessing the power of cyberweapons in a kind of Cold War arms race for the digital age.
“The governments of the world should treat this attack as a wake-up call,” Smith wrote. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
“We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Smith also acknowledged the need for technology companies and consumers to work together by bridging the evident gaps created by the lack of vigilance on both parties.
He wrote consumers would have no way to protect themselves against future attacks if they fail to update their computers regularly, a practice that needs to be taught by those in the technology industry.
Instances of cybercrime have begun spreading like wildfire in recent years and governments are struggling to contain it, ill-equipped as they are.
Smith notes many are trying to combat a present and future threat with “tools from the past”, an assertion difficult to refute when even large corporations such as Renault SA, global logistics giant FedEx, and developed countries like the UK fall prey to and become paralyzed by instances of highly intrusive malware.
Many countries still lack the appropriate infrastructure to deal with cyberattacks, much less one whose scale has been a constant source of worry. Should the next version of WannaCry begin spreading, even the US might experience hits, especially if a new kill switch is not found.
Universities in China and Japan are already reporting losses of control over their systems.
UK Home Secretary Amber Rudd reportedly told the BBC on Saturday, “We are not able to tell you who is behind that attack. That work is still ongoing.”