There’s going to be even more chaos from an ongoing massive global cyberattack on Monday morning.
Europol’s executive director Robert Wainwright told ITV that there were at least 200,000 victims across 150 countries so far, and that number will go up on Monday morning when people go back to work.
And a security researcher warned there might be another attack imminently.
The Australian government says the first Australian business is believed to have been infected, and more are expected to be hit.
Prime Minister Malcolm Turnbull’s cyber security adviser, Alastair MacGibbon, said on Sunday: “People going back to work on Monday may switch on their computers and see their systems have been impacted.
“The affected company doesn’t fall under critical infrastructure, it’s not a medical or health service and it is not a big company.
“The most important message we want to get out there is that we haven’t seen a wholesale impact like we’ve seen in Europe and other parts of the world. It appears at this stage, it is unlikely there will be any large-scale ramifications.”
Wainwright from Europol said: “We’re in the face of an escalating threat, the numbers are going up, I’m worried about how numbers will continue to grow when people go to work and turn their machines on on Monday morning.”
Europol is the EU’s law enforcement and intelligence agency. It’s working with the FBI to track down the criminals responsible for the malware, but Wainwright said this was “very difficult.”
“We have never seen anything like this,” he said. “We’ve seen the rise of ransomware becoming the principal cyber threat, but this is something we’ve never seen before — the global reach is unprecedented.”
The anonymous researcher who managed to slow the original attack on Friday also told the BBC there was “another one coming … quite likely on Monday.” The researcher, who is known as MalwareTech, registered a domain name to track the virus, unintentionally halting it in the process.
The attack caused hospital shutdowns on Friday
The attack has plunged Britain’s health service into disarray, and affected French car manufacturers, Russian banks, and a Spanish telecoms operator, according to reports on Saturday. At least 48 NHS organisations were affected by the hack, including St. Bartholomew’s Hospital and the East and North Hertfordshire Trust. Staff resorted to working with pen and paper while their computer systems were down, and hospitals had to cancel appointments.
The attack took the form of ransomware that is nicknamed “WannaCry”. Ransomware is malicious software that encrypts data on your computer, then asks for payment in return for decryption. In this case, messages seen by affected NHS staff showed that the attackers were asking for $US300 in Bitcoin in exchange for decryption.
A BBC analysis found people paid the hackers £22,080 in Bitcoin so far.
No one has died because of the NHS attack, and there’s no evidence patient data was leaked, according to Home Secretary Amber Rudd.
The NHS is running old, insecure computer software
But the attack has sparked a massive debate about why the NHS, as a critical piece of the UK’s infrastructure, was running out-of-date software at all.
WannaCry is spread by a worm that targets a particular Windows vulnerability. That flaw has been patched in more up-to-date versions of Windows — but many NHS trusts run Windows XP, according to Freedom of Information requests. Microsoft no longer supports Windows XP, and the extra security the NHS paid for as a getaround had expired.
The UK government was repeatedly warned about the risks of attack, but failed to heed the advice.
Europol’s Wainwright said organisations should learn from the banking sector, which had learnt the “painful” way to keep systems updated.
“They have learnt through painful experience of being the number one target for cybercrime of the value of having a proper strategy in place, and I think the health sector and others should follow the example to make sure they sit up and take notice of what is absolutely a huge strategic concern.”