Reports indicate that a cyberattack experts claim may have originated somewhere in Europe has infected over 200,000 computers in 150 various countries in the span of just three days.
“WannaCry,” as the bug has been named, works by locking users out of their computer accounts, then demanding that they pay hefty sums of money to get their information back. Officials say that, so far, the cyberattack has more or less stolen upwards of $50,000 from its victims.
However, according to sources, European intelligence agency Europol says paying the ransom may not actually be a wise decision- even though it seems like the only viable option. The agency indicates that by paying the ransom in exchange for control of their computers, users are only proving that the worm is effective- thus making the attackers much more likely to strike again.
“As a result, cybercriminals will continue their activity and look for new ways to exploit systems that result in more infections and more money in their accounts.”
Technology specialists indicate the complex “ransomware” program was launched on Friday, 12 May 2017, and primarily targets Microsoft’s Windows operating system- though computers that run on other systems aren’t completely protected from it either. It asks users to pay fees using Bitcoins, a sort of “cryptocurrency” that can conceal the identity of those involved in monetary transactions. According to Europol, the scale of the attack is “unprecedented.”
The initial attack allegedly occurred through a vulnerability in the Windows network involving the program’s “Server Message Block” protocol. Once the worm infected one computer, it then spread to others on the same network with relative ease. It also used random IP addresses found on this network to begin affecting computers internationally.
When the worm is displayed on a user’s computer, it shows the user a screen that says files have been encrypted, and the only way to get those files back is to make a payment of at least $300 in Bitcoin within three days, or $600 in Bitcoin in one week. According to Ken Collins, a regular contributor to Quartz news, three different Bitcoin addresses have been set up to receive the victims’ payments. While the balances and all transactions regarding those particular addresses are accessible by the public, the names of the owners of the IP addresses, obviously, are not.
Reports indicate that the attack has affected many servers in the National Health Service (the public health services of England, Scotland, and Wales)- though of the three participating nations, Wales has been relatively unaffected. In England and Scotland, however, sources claim that almost 70,000 devices- including MRI scanners and refrigerators used to store blood- have suffered from the worm. On the first day of the attack, several ambulances and other NHS services were diverted from their original destinations in both countries due to the virus’ damage. The Nissan manufacturing company in the UK also reportedly had to stop production because the bug had affected some of its computing software.
Sources indicate that the attack could have been significantly worse had a certain internet security expert, whose identity remains unknown, not found a kill-switch in the malware’s programming that was installed by the creators.
His discovery has slowed down the worm considerably, but experts warn that it is not completely contained- so users should still be wary when surfing the web. To combat the ransom issue, two cybersecurity companies have teamed up with the European Cybercrime Centre and the National High Tech Crime Unit of the Netherlands to introduce a site called nomoreransom.org. Here, victims of the cyberattack can receive instructions on how to potentially unlock their computers without having to shell over any money to the attackers.
Software specialists have indicated that they hope to get this situation under control quickly.
[Featured Image by Mark Schiefelbein/AP Images]