World

Worst of WannaCry virus may not be over

Ransomware virus hits more than 100,000 computers

SINGAPORE/TORONTO: Technical staff scrambled yesterday to patch computers and restore infected ones.

This comes amid fears that the ransomware worm that stopped car factories, hospitals, shops and schools could wreak fresh havoc today when employees log back on.

The spread of the virus dubbed WannaCry - "ransomware" which locked up more than 100,000 computers - had slowed, cybersecurity experts said, but they warned that the respite may be brief.

New versions of the worm were expected, and the extent of the damage from Friday's attack was still unclear.

Mr Marin Ivezic, cybersecurity partner at PwC, said that some clients had been "working around the clock since the story broke" to restore systems and install software updates or patches, or restore systems from backups.

Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks, a rare and powerful feature that caused infections to surge on Friday.

Code for exploiting that bug, which is known as "Eternal Blue," was released on the Internet in March by a hacking group known as the Shadow Brokers.

The group claimed it was stolen from a repository of National Security Agency hacking tools.

The agency has not responded to requests for comment.

Hong Kong-based Mr Ivezic said the ransomware was forcing some more "mature" clients affected by the worm to abandon their usual cautious testing of patches "to do unscheduled downtime and urgent patching, which is causing some inconvenience."

Today was expected to be a busy day, especially in Asia which may not have seen the worst of the impact yet, as companies and organisations turned on their computers.

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing e-mails" or other as yet unconfirmed ways the worm may propagate, said Singapore-based security researcher Mr Christian Karam yesterday.

A Jakarta hospital said yesterday that the cyber virus had infected 400 computers, disrupting the registration of patients and finding records. The hospital said it expected big queues today when about 500 people were due to register.

Symantec, a cybersecurity company, predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks.

Ransoms paid amount to tens of thousands of dollars, one analyst said, but he predicted they would rise. - REUTERS

hackingAsiaJakarta