US and European officials scrambled to catch the culprits behind a massive ransomware worm that caused damage across the globe over the weekend, stopping car factories, hospitals, shops and schools, as Microsoft pinned blame on governments for not disclosing more software vulnerabilities.
The attack, which leveraged malicious software that security researchers widely believe was stolen from the US National Security Agency, is the latest example of why the stockpiling of vulnerabilities by governments is such a problem, Microsoft President and Chief Legal Officer Brad Smith said in a blog post.
“The governments of the world should treat this attack as a wake-up call,” Smith wrote. “We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”
Cyber security experts said the spread of the virus dubbed WannaCry, “ransomware” that locked up more than 200,000 computers in more than 150 countries, had slowed, but that the respite might only be brief amid fears it could cause new havoc on Monday when employees return to work.
New versions of the worm are expected, they said, and the extent - and economic cost - of the damage from Friday’s attack were unclear.
“It’s going to be big, but it’s too early to say how much it’s going to cost because we still don’t know the magnitude of the attacks,” said Mark Weatherford, a security executive whose previous jobs included a senior cyber post with the US Department of Homeland Security.
The investigations into the attack were in the early stages, and attribution for cyber-attacks is notoriously difficult.
Monday morning rush?
Monday was expected to be a busy day, especially in Asia, which may not have seen the worst of the impact yet, as companies and organizations turned on their computers.
“Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails” or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher.
A Jakarta hospital said on Sunday that the cyber-attack had infected 400 computers, disrupting the registration of patients and the finding of records. The hospital said it expected big queues on Monday when about 500 people were due to register.
In Singapore, a company that supplies digital signage, MediaOnline, was rushing to fix its systems after a technician’s error had led to 12 kiosks being infected in two of the island country’s malls. Director Dennis So said the systems were not connected to malls’ or tenants’ networks.