Businesses around the world have been warned to brace themselves for an escalation in the unprecedented global cyber attack which struck the NHS, O2 owner Telefonica, Nissan and Renault over the weekend.
“At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning,” Europol director Robin Wainwright said yesterday.
He added that many victims will be businesses “including large corporations”.
The UK’s National Cyber Security Centre said: “It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.
“This means that as a new working week begins it is likely, in the UK and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale.”
More than 200,000 victims in 150 countries have been identified by the agency as being affected by the “Wannacry” ransomware, which locks key computer files until a ransom is paid in bitcoin. It afflicted dozens of NHS trusts on Friday, leading to severe disruption. FedEx, the Russian Interior Ministry, German train operator Deutsche Bahn and Portugal Telecom were also affected.
Just one computer needs to be affected for it to spread across an organisation’s network.
Windows XP is more vulnerable to malware than newer operating systems as it is no longer supported by Microsoft. However, the tech giant took the unprecedented step of issuing a patch to fix the vulnerability.
An independent researcher also managed to find a “kill switch” that slowed the spread of the ransomware, but Wainwright said criminals have now overcome the fix, issuing a second version of the ransomware. It is not clear whether a similar switch exists for the new version.
The perpetrators have yet to be identified and the National Crime Agency, which is also part of the investigation, has said that there is “no indication that UK policing or other government departments have been infected with the ransomware”.
According to research by AIG, published just before the attack emerged, financial services was cited as the most at risk of a systemic attack.