The Slatest

Ransomware Attack Could Keep Spreading After Hitting 200,000 Computers

A computer running a Windows Server is seen connected into a network server in an office building in Washington, D.C. on May 13, 2017.  


A massive global cyberattack that began on Friday and has already affected 200,000 computers in 150 countries could continue spreading on Monday as people get back to work. Many workers had already logged off their computers on Friday when the malware began spreading, wreaking havoc on the U.K.’s hospital network, Germany’s railway system, and companies around the world. The malicious software took control over computers and demanded ransom payments to restore access.

Although the virus slowed over the weekend as researchers discovered ways to thwart the spread of the malware, experts said the respite was likely to be brief as new versions have already started cropping up. “The numbers are still going up,” Rob Wainwright, the head of Europol, Europe’s policing agency, said. “We’ve seen that the slowdown of the infection rate over Friday night, after a temporary fix around it, has now been overcome by a second variation the criminals have released.”

So far, most of the large attacks have been outside the United States but it’s unclear whether that will continue to be the case. Security officials in Washington have been meeting over the weekend to try to figure out how to minimize any risk to domestic computer networks.

Microsoft blamed government secrecy for the rapid spread of the virus. The ransomware seems to have exploited a vulnerability in Microsoft Windows that was identified by the National Security Agency and used for its own intelligence-gathering. A group of hackers leaked the code for exploiting that bug earlier this year, saying it was taken from the NSA.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” wrote Microsoft President and Chief Legal Officer Brad Smith in a blog post. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

Despite the unprecedented nature of the attack, the hackers behind the malware that has gone by multiple names, including WannaCry, WannaDecryptor, and WannaCrypt, don’t seem to have been able to extort that much money from people. As of Saturday afternoon, the hackers appeared to have received less than $30,000, according to security researchers.