The threat from the cyber attack that crippled international services will continue to grow as people return to work on Monday, the head of Europol warned.
Speaking to ITV’s Peston on Sunday, Europol director Rob Wainwright said the attack was indiscriminate across the private and public sectors.
At the moment we are in the face of an escalating threat, the numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.
The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.
A virus and spyware warning message on a laptop screen at a home in London, following a major cyber attack on NHS computer systems. Organisations across the globe, including investigators from the National Crime Agency (NCA), are now working non-stop to hunt down those responsible for the ransomware.
Mr Wainwright’s warning came after a UK security expert, who was hailed an “accidental hero” for halting the spread of Friday’s virus, predicted that a further attack could come on Monday.
The virus, which took control of users’ files, has already infected 125,000 computer systems and spread to 100 countries, including Spain, France and Russia. In England, 48 NHS trusts fell victim, as did 13 NHS bodies in Scotland.
Some hospitals were forced to cancel procedures and appointments, as ambulances were directed to neighbouring hospitals free from the computer virus.
The scale of the damage was limited by a UK cyber security researcher.
The MalwareTech blogger, who wants to remain anonymous, was hailed as an accidental hero after registering a domain name to track the spread of the virus, which actually ended up halting it.
My real life friends don’t know about my blog/twitter/job, etc… So today is going to be interesting.
— MalwareTech (@MalwareTechBlog) May 14, 2017
He learned that on infecting a new computer, the virus contacted a web address and started to take files hostage only if it found the address unreachable. If it could connect, it terminated itself – which it began to do, after he registered a domain name hidden in the malware.
The anonymous 22-year old has now warned that a further attack is likely.
He told the BBC: It’s very important that people patch their systems now.
We have stopped this one, but there will be another one coming and it will not be stoppable by us.
There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over.
So there’s a good chance they are going to do it… maybe not this weekend, but quite likely on Monday morning.
In England, 48 NHS trusts fell victim, as did 13 NHS bodies in Scotland.
Operations and appointments were cancelled and ambulances diverted as hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration the largest cyber attack in NHS history – could cost lives.
Home Secretary Amber Rudd said on Saturday that the problem was largely resolved but that there’s always more that could be done to protect against computer viruses.
About half a dozen NHS trusts are believed to still be experiencing IT difficulties related to the attack, including Barts NHS trust, the largest in the country.
@MalwareTech, who wants to remain anonymous, was hailed as an “accidental hero” after registering a domain name to track the spread of the virus, which actually ended up halting it.
On Sunday he warned hackers could upgrade the virus to remove the kill switch that helped to stop it.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP, he tweeted.
Fellow security researcher Darien Huss, from tech firm Proofpoint, warned that copycat attacks were now likely.
I highly suspect that, with the amount of coverage that this incident is getting, there are probably already people that are working to incorporate the exploit that was used for spreading, he said.
Investigators are working to track down those responsible for the ransomware used on Friday, known as Wanna Decryptor or WannaCry.
The virus exploits a vulnerability in Microsoft Windows software, first identified by the US National Security Agency.
A security update was released by Microsoft in March to protect against the virus.
However, it seems that many NHS trusts had not applied it or were using an older version of the operating system which is no longer supported – Windows XP. NHS Digital said that 4.7 per cent of devices within the NHS use Windows XP, with the figure continuing to decrease.
Microsoft has now sent out patches for WindowsXP in an attempt to limit the damage, while the NHS took steps over the weekend to sent out the recent security updates for trusts who had not put it in place.