An unprecedented global “ransomware” attack that hit at least 100,000 organizations in 150 countries spread to thousands more computers Monday as people returned to work and logged in for the first time since the massive online assault began.
The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.
A BBC analysis determined about $38,000 had already been paid to those behind the attacks, however, that figure could climb exponentially as users log on Monday and those already infected give in to rising demands.
Steven Wilson, Head of Europol’s European Cybercrime Centre, told Sky News that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised.
He added: “It’s not a massively sophisticated attack. What is new is the use of a worm to propagate through systems.
“It is beyond anything we have seen before.”
Wilson spoke as hospitals in the United Kingdom were beginning to get back to normal, although some were still experiencing problems after the global attack which hit 48 National Health Service trusts in England and 13 Scottish health boards, according to Sky News.
President Donald Trump ordered his homeland security adviser, Tom Bossert, to hold an emergency meeting Friday night to assess the threat posed by the cyberattack, senior administration official told Reuters.
Senior security staff held another meeting in the White House Situation Room on Saturday, and the FBI and National Security Agency were trying to identify the perpetrators of the massive cyber attack, said the official, who spoke on condition on anonymity to the news agency to discuss internal deliberations.
Security experts warned that further cyberattacks are likely.
“The global reach is unprecedented and beyond what we have seen before,” Rob Wainwright, director of the Netherlands-based Europol said Sunday “The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations.”
“At the moment, we are in the face of an escalating threat. The numbers are going up,” he added. “I am worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning.”
Jan Op Gen Oorth, spokesman for Europol, said the number of individuals who have fallen victim to the cyberextortion attack could be much higher.
Wainwright said the attack was indiscriminate, fast-spreading and unique, because the ransomware was being used in combination with a worm, which means the infection of one computer automatically could spread it through a whole network.
The Europol spokesman said it was too early to say who is behind the onslaught and what their motivation was. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.
The effects were felt across the globe, with Russia’s Interior Ministry and companies including Spain’s Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reporting disruptions.
Had it not been for a young cybersecurity researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.
Nonetheless, the experts say such widespread attacks are
tough to pull off.