The components of the global cyberattack that seized hundreds of thousands of computer systems last week may be more complex than originally believed, a Trump administration official said Sunday, and experts warned that the effects of the malicious software could linger for some time.
As a new workweek started Monday in Asia, there were concerns the malicious software could spread further and in different forms, with new types of ransomware afflicting computers around the globe.
President Trump has ordered his homeland security adviser, Thomas P. Bossert, who has a background in cyberissues, to coordinate the government’s response to the spread of the malware and help organize the search for who was responsible, an administration official said Sunday.
The attack is more complicated because “the experts tell us that this code was cobbled together from many places and sources,” according to an administration official who insisted on anonymity to discuss the government’s cybersecurity plans. The more potential sources of the malicious code, the harder it is for investigators to run down the trail of possible perpetrators.
The source of the attack is a delicate issue for the United States because the vulnerability on which the malicious software is based was published by a group called the Shadow Brokers, which last summer began publishing cybertools developed by the National Security Agency.
Government investigators, while not publicly acknowledging that the computer code was developed by American intelligence agencies as part of the country’s growing arsenal of cyberweapons, say they are still investigating how the code got out. There are many theories, but increasingly it looks as though the initial breach came from an insider, perhaps a government contractor.
Copycat variants of the malicious software behind the attacks have begun to proliferate, according to experts who were on guard for new attacks. “We are in the second wave,” said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. “As expected, the attackers have released new variants of the malware. We can surely expect more.”
The National Police Agency in Japan found two computers with the malicious software over the weekend, according to reports by NHK, the national broadcaster. One instance was found on a personal computer in a hospital and the other on a private citizen’s home computer. A hospital in Taiwan also reported that one of its computers was compromised, Taiwan’s Central News Agency said Sunday.
Asian governments and businesses reported some disruptions from the WannaCry ransomware worm on Monday, but cybersecurity experts warned of a wider impact as more employees turned on their computers and checked e-mails.
The ransomware that has locked up more than 200,000 computers in more than 150 countries has been mainly spread by e-mail, hitting factories, hospitals, shops and schools worldwide.
“Most of the attacks are arriving via e-mail, so there are many ‘landmines’ waiting in people’s in-boxes,” said Michael Gazeley, managing director of Network Box, a Hong Kong-based cybersecurity company.
In China, the world’s second-largest economy, energy giant PetroChina said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems. Several Chinese government bodies, including police and traffic authorities, reported they had been impacted by the hack, according to posts on official microblogs.
The official China Daily newspaper, citing Chinese tech firm Qihoo 360, said that at least 200,000 computers had been affected in China, with schools and colleges particularly hard-hit.
The latest on the global extortion cyberattack that hit dozens of countries on Friday:
Chinese state media say more than 29,000 institutions across China have been infected by the global “ransomware” cyberattack.
Xinhua News Agency reports that by Saturday evening, 29,372 institutions had been infected along with hundreds of thousands of devices. It cited the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.
LOG IN, LOOK OUT: CYBER CHAOS MAY GROW AT WORKWEEK’S START
Employees booting up computers at work Monday could see red as they discover they’re victims of a global “ransomware” cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.
As a loose global network of cybersecurity experts fought the ransomware hackers, officials and experts on Sunday urged organizations and companies to update older Microsoft operating systems immediately to ensure they aren’t vulnerable to a second, more powerful version of the software – or to future versions that can’t be stopped.
The initial attack, known as “WannaCry,” paralyzed computers that run Britain’s hospital network, Germany’s national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme ever recorded.