Following ransomware attack, Microsoft urges governments to ‘wake up’
The attack will “require a complex global investigation to identify the culprits”, the European law enforcement agency said.
Europol said a special task force at its European Cybercrime Centre was “specially created to assist in such investigations and will play an important role in supporting the investigation”.
The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the U.S. National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet. Infected computers demanded users pay $300 (£230) in Bitcoin to retrieve the encrypted documents.
If you do, this message will pop up on your screen, demanding money to get your files back while infecting other computers on the same network.
But experts and government alike warn against ceding to the hackers’ demands.
Security expert Troy Hunt says the ransomware’s unprecedented impact only reinforces what the security community has been advising for years.
Analysts had feared that the attack, which started spreading on Friday, could accelerate as workers returned to their desks after the weekend and turned on compromised machines.
That may be because schools tend to have old computers and be slow about updates of operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank.
Microsoft released a patch for the vulnerability earlier this year – but only for the most recent operating systems. “The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations”, he said. Security firms have suggested that users immediately disconnect the infected device from the local network to contain the spread of infection.
Microsoft took the unusual step late Friday of making free patches available for older Windows systems, such as Windows XP from 2001. That’s why the attack has been so successful on corporate targets, which often make active use of shared folders in their networks.
That quick thinking may have saved governments and companies millions of dollars and slowed the outbreak before US -based computers were more widely infected. The other is to disable a type of software that connects computers to printers and faxes, which the virus exploits, O’Leary added.
The list of institutions affected has grown as more become aware of hacks and variants of the virus spread. Universities in Greece and Italy also were hit. Microsoft had apparently been informed of the exploit sometime previously, as it released security updates to combat it in March, but any computer not up to date is potentially at risk. “You’re only safe if you patch ASAP”.
On Saturday, a cyber security researcher told AFP he had accidentally discovered a “kill switch” that could prevent the spread of the ransomware.
Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm’s spread. “Now I should probably sleep”.
“Even if a fresh attack does not materialise on Monday, we should expect it soon afterwards”, she said.