With employees returning to work Monday, there are fears that more infected computers will be discovered. And there are also reports that new variations of the “WannaCry” virus are appearing.
New victims of the “WannaCry” computer virus emerged as expected on Monday, but government and security officials around the world expressed relief that it was proliferating at a much slower pace than feared, and said it appeared to have been the work of relatively unsophisticated hackers.
Even so, no one was ready to declare victory. Several security firms detected new variations of the virus, just as many had predicted would happen. Thus far, none of these new versions had made much of an impact, but security officials remained vigilant.
“Several new variants have emerged during Sunday and last night, of which only one appears to have gone some very limited traction, ” said Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis team. “The other variants appear to have been manually patched by unknown entities and have not been created by the original WannaCry authors.”
In the United Kingdom, the National Health System appeared to be largely back to business today. The NHS said that seven out of the nearly 50 NHS trusts affected are still facing serious problems. Others are reporting problems, but not as severe. The majority of patients are being advised to turn up for their usual appointments, unless told otherwise.
Across the globe in China, cyber security firm Qihoo 360 released a statement saying that 29,372 institutions, including government offices, bank machines and hospitals had been infected over the weekend. French digital security agency ANSII reported that only a handful of organizations had been infected.
The car maker Renault said it had halted manufacturing at some of its factories in France and one in Slovenia because of the virus. In Germany, rail passengers posted pictures on Twitter of departure and arrival screens at Deutsche Bahn, the German train operator, showing the red WannaCry warning sign.
Still, in an interview with Agence France-Presse, Europol spokesman Jan Op Gen Oorth said the agency’s worst fears were not realized today.
« The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success, » he told AFP. « It seems that a lot of Internet security guys over the weekend did their homework and ran the security software updates. »
The virus exploits a vulnerability in the Windows operating system that was discovered by the U. S. National Security Agency and later revealed by hackers who stole the information from the NSA. A top Microsoft executive lashed out at the NSA on Sunday, saying the agency bore the blame for turning an obscure computer vulnerability into a weapon.
Russian President Vladimir Putin — whose Interior Ministry was reported to be a victim of the attacks — picked up on that theme Monday, blaming the U. S. for the creation of the ransomware virus.
« We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle, » Putin said in Beijing, according to Russia’s Tass news agency.
Putin said Russia had invited Obama administration officials last year « to look into cyber security matters » and develop an intergovernmental agreement. « Regrettably, our proposal was rejected. Then the previous administration said it was prepared to get back to our proposal, but nothing was done in practice. »
Russia, of course, has since been blamed for hacking attacks aimed at influencing the 2016 U. S. presidential election.
On Sunday, Europol had disclosed that 200,000 computers had been infected with the WannaCry virus, an attack the agency described as “unprecedented.” It appears a move by a security researcher to register an address on the Internet that fooled the virus has blunted its momentum.
Still, many researchers believe the virus was likely the work of relatively clumsy hackers, despite its impact. The ability to stop it was too easily found, they said, and the scheme of asking people to pay in bitcoin to decrypt their information had netted the thieves only about $54,000 after three days.
Several governments, security agencies and research firms on Monday were calling on users not to pay the ransom for fear that it would inspire even more such attacks. Still, it was not clear whether those who had paid had their access restored, or what other options exist for users who found their computers still encrypted.
The newer variants of the virus that emerged seemed to be ineffective because they were quickly made. Researchers are still on the watch for more sophisticated versions that can better exploit the remaining vulnerabilities.
Microsoft called over the weekend for more of its customers to be more aggressive about installing the security patch it had issued several weeks earlier. But the reality remains that millions of machines are likely running on older versions of its Windows operating system, or lack the resources and organizational sophistication to install the patch across their tangled web of IT systems.
“The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect, ” wrote Brad Smith, Microsoft’s president and chief legal officer in a blog post on Sunday. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’ re literally fighting the problems of the present with tools from the past.”
On Monday, the process of re-examining the policies and politics of cyber security in Europe were starting in the wake of the attack.
In the UK, there were reports that Health Secretary Jeremy Hunt was warned last summer that National Health System organizations were at risk of cyberattacks. An assessment of 60 hospitals was carried out by experts who warned that a cyberattack was becoming a « bigger consideration » as the NHS moved increasingly away from paper records to digital ones.
A July report presented to Hunt said that “computer hardware and software that can no longer be supported should be replaced as a matter of urgency.” And as long ago as 2014, the government told NHS trusts that they needed to update their systems and avoid using Windows XP as quickly as possible.
It appears many of those alarms were not heeded.
The British government announced it would hold an emergency meeting late Monday to discuss the cyberattack, chaired by Home Secretary Amber Rudd.
