
WannaCry ransomware: worst yet to come, experts say

Hackers likely to release a WannaCry version 2 as early as today

Hackers are demanding payments of $300 to $600 to restore access to encrypted data.

The WannaCry ransomware is expected to continue spreading today as much of the world returns to work after the weekend.

Already Reuters reports from Asia indicate widespread attacks as the region opens for business.

Further, there are fears that the original hackers, or copycats, will release a second version of the ransomware as early as today. The second will most likely be an altered version that will be even harder to contain, experts contend.

Rick Holland, vice president, strategy for Digital Shadows, observes that keeping up to date with ransomware is not easy, as there are many variants. “Many do get shut down and their encryption cracked, only for another version to spring up – therefore it’s a constant game of constant cat and mouse.”

WannaCry ransomware was released on Friday, causing havoc all over the world, from disrupting public healthcare in the UK to affecting information displays at German train stations.

The Middle East seemed to have escaped the brunt of the initial attack, most likely because it struck during the weekend in much of the Arab World. The region may not be so lucky second time out, unless organisations take urgent measures to patch vulnerable Windows systems.

WannaCry exploited vulnerabilities on Windows, using hacking tools apparently stolen from America’s NSA.  

The tools, which were dumped by a group known as Shadow Brokers, use private/undiscovered vulnerabilities that allowed the NSA to exploit and break in to any organisation worldwide. However, Bilal Baig, technical lead Middle East, Mediterranean, Africa, Russia & CIS at Trend Micro, says it’s likely Shadow Brokers still have tools that were not released to the public. “These tools still have the ability to break into systems without being discovered, which is scary,” Baig warns.

Microsoft had released a patch in March to protect users against the ransomware, but many users were yet to run it. It released a new patch on Friday as the malware spread globally.

Jimmy Graham, director of product management, AssetView at security firm Qualys, says that because this exploit took only 28 days to go from the initial zero-day leak to a fully functional global assault, companies that rely on monthly scan cycles may not have even detected, let alone patched, the MS17-010 vulnerability.

The ransomware is a worm, allowing it to propagate itself through the network, hence its ability to spread far and wide.

The attack began on Friday, when cybercriminals tricked victims into opening malicious attachments to spam emails that appeared to contain legitimate invoices, job offers, security warnings and the like, a technique known as social engineering.

The ransomware encrypted data on victim computers, demanding payments of $300 to $600 to restore access. A number of victims are known to have paid via the digital currency bitcoin.
