Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new variations have begun to surface.
This morning, Europol director Rob Wainwright told the BBC that the cyberattack is “unprecedented in its scale,” and noted that it will likely continue as people return to work on Monday. While Microsoft took the unusual step to issue a patch for Windows XP, the patch will only work if installed, and authorities have been warning businesses to ensure that their systems are updated.
The ransomware attack began on Friday afternoon, where it affected England’s National Health Service, prompted automaker Renault to idle factories in France, and many others. A 22-year-old cybersecurity expert known as MalwareTech slowed the attack by registering a domain name he discovered in the ransomware’s code. He told the BBC that another attack is likely coming soon, one that works around his fix.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.— MalwareTech (@MalwareTechBlog) May 14, 2017
Researchers have since discovered two new variations of the ransomware. One has been blocked with another domain name registration, but the other variant has no kill switch, but is only partially working.
The software exploits a security flaw in Windows XP, and once it infects a computer, it encrypts the files and spreads to other computers. Victims receive a demand for a payment of $300 in Bitcoin in order to regain access. However, despite the widespread nature of the attack, it’s believed that the perpetrators have only raised around $20,000 in payments.
Wainwright said that businesses should ensure that their systems are updated with the latest security patches to help prevent further infections and to slow the spread of the ransomware. He noted that Europol is working with the Federal Bureau of Investigation to try and discover the people behind the attack.