Financial Times
Sam Jones in London

More than 1m computer systems vulnerable to WannaCry cyber attack

More than 1.3m computer systems are still vulnerable to infection by the cyber attack that swept across the world on Friday, paralysing hospitals, disrupting transport networks and immobilising businesses.

So far, 200,000 computers across 150 countries are known to have been infected in the first wave of the WannaCry cyber attack, Europol, the European police agency, said in a statement on Sunday. Government officials have warned of more potential attacks in the coming week.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," Europol said.

Intelligence agencies in Europe and the US have spent the weekend warning large companies and organisations that the threat from the ransomware - a category of malicious software that encrypts infected machines' hard drives and demands payment to release the data again - may escalate.

"A lot of preventative work has been undertaken in the last 48 hours to minimise the threat," said one British intelligence official on the risk of a second wave of WannaCry infections.

The list of affected organisations has steadily lengthened in the past 48 hours: alongside Britain's National Health Service, which saw more than a third of its hospitals and clinics incapacitated, victims include Deutsche Bahn, the German railway operator, FedEx, the US logistics company, Russia's ministry of the interior, Renault, the French carmaker, and Telefónica, the Spanish mobile phone group.

Russia, Ukraine, India and Taiwan are the most seriously afflicted countries, according to data from cyber security company Kaspersky Lab.

Despite urgent appeals from law enforcement and security authorities for organisations to address the critical Windows software security vulnerability exploited by WannaCry, many still have not done so.

According to web analysis by the cyber intelligence company Digital Shadows, more than 1.3m computers are still connected to the internet with the vulnerability in their file-sharing protocols unaddressed.

"It's only a matter of time before cyber criminals evolve the WannaCry ransomware malware to become even more virulent," Becky Pinkard, vice-president of service delivery and intelligence at the company, said. "The SMB protocol [the vulnerability] is one that should never be allowed to be accessed from the internet anyway. As we have seen, this is allowing it to spread very quickly and it is causing havoc."

WannaCry's potency is based on a cyber weapon known as Eternal Blue, developed by the US National Security Agency before it was stolen and leaked online last year by a group known as the Shadow Brokers, believed by western intelligence to be connected to Russia's spy agencies.

Eternal Blue, built by the NSA to exploit the then-unknown Windows software loophole, was used as a platform by WannaCry's operators to supercharge their ransomware, enabling it to spread laterally through and across organisations via any file-sharing protocols - such as drop boxes for documents or databases - they had set up.

The spread of WannaCry was halted early on Friday thanks to the efforts of one anonymous British cyber security researcher, who works under the online pseudonym of Malwaretech. He identified an effective "kill switch" coded into WannaCry by its creators - a web domain sought out by the ransomware before each new infection, which if activated, would automatically halt the infection process. He bought and registered the domain, halting WannaCry's spread.

But he warned that the kill switch could easily be written out of a repurposed version of WannaCry if the ransomware's operators wanted.

"Version 1 of [WannaCry] was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP," he tweeted on Sunday, urging companies to apply the Windows software update that closes the loophole exploited by Eternal Blue.

Government security officials have also stressed the potential for a new, refined version of WannaCry to be set loose - or for other criminal groups or malicious actors to repurpose the Eternal Blue exploit or other NSA tools in the Shadow Brokers trove for more destructive purposes.

A senior British security official said that the ransomware component of WannaCry could easily be swapped out for another purpose: "The payload could have simply been a command to wipe the hard drive of the machine entirely," he said. "That would have been devastating and it still could be."

Copyright The Financial Times Limited 2017
