LONDON — Security experts warned that the global cyberattack that began on Friday might be magnified in the new workweek as users return to their offices and turn on their computers.
Many workers, particularly in Asia, had already logged off on Friday when the malicious software, stolen from the United States government, began proliferating across computer systems around the world. So the true impact of the attack may emerge on Monday as employees return and log in.
Moreover, copycat variants of the malicious software behind the attacks are likely to spread, since the malware is mostly open sourced and easily replicable.
Rob Wainwright, the executive director of Europol, said on Sunday that the attacks had hit 200,000 computers in more than 150 countries. He warned that the attacks were escalating, and could worsen.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You’re only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017
“At the moment, we are in the face of an escalating threat,” he told the British network ITV on Sunday. “The numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
Among the organizations hit were FedEx in the United States, the Spanish telecom giant Telefónica, the French automaker Renault, universities in China, Germany’s federal railway system and Russia’s powerful Interior Ministry. The most disruptive attacks infected Britain’s public health system, where surgeries had to be rescheduled and some patients were turned away from emergency rooms.
Officials and experts warn that worse cyberattacks may be yet to come.
“We haven’t seen spikes of new attacks yet, but that’s a strong likelihood,” said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “We could see more attacks if people start to copycat this attack,” he added.
A 22-year-old British researcher who uses the Twitter name MalwareTech has been credited with accidentally helping to stanch the spread of the assault by identifying the web domain for the hackers’ “kill switch” — a way of disabling the malware.
On Sunday, MalwareTech was one of the many security experts warning that a less-vulnerable version of the malware is likely to be released. On Twitter, he urged users to immediately install a security patch for older versions of Microsoft’s Windows, including Windows XP. (The attack did not target Windows 10.)
Robert Pritchard, a former cybersecurity expert at Britain’s defense ministry, said that security specialists may not be able to keep pace with the hackers.
“This vulnerability still exists, other people are bound to exploit it,” he said. “The current variant will make its way into antivirus software. But what about any new variants that will come in the future?”
All it would take is for a new group of hackers to change the original malware code slightly to remove the “kill switch” and send it off into the world, using the same email-based methods to infiltrate computer systems that the original attackers used, experts said. The Microsoft patch will help, but it will take time to install across large organizations.
Governments around the world are bracing themselves for the start of the workweek.
“This is crucial for businesses when reopening on Monday: Please beware and anticipate, and take preventive steps against the WannaCry malware attack,” Indonesia’s communication and information minister, Rudiantara, who like many Indonesians uses only one name, said at a news conference.
He advised those hit by the malware against paying the $300 to $600 in Bitcoin demanded as ransom to regain access to encrypted data, since there was no assurance that the extortionists would decrypt the files as promised.