The threat from the WannaCryptor ransomware is not yet over, IT security experts were warning throughout this week.
The outbreak of the WannaCry version appeared to have died down as of Friday 19th May, after a UK-based researcher accidentally discovered a ‘killswitch’ coded in the malware, allowing it to be flushed down a DNS ‘sinkhole’.
But other versions of WannaCryptor are still at large, and if linked to a worm as in the latest attack, and with bugs fixed, could prove even more devastating.
“Just so you know, WannaCry is just a beginning,” Rodney Joffe, Senior Vice-President and Fellow at global information services provider Neustar, told delegates by video-link at a Neustar security summit in London on Thursday.
“It’s created a great deal of turmoil and the possibility of a great deal of damage that could still be done,” he said.
Another variant could be launched without a kill switch and with a better connection to a bitcoin wallet in a future attack. It’s reported that none of the approximately $35,000 in bitcoin deposited in a wallet in response to the WannaCry attack had been collected this week, possibly because the link between the wallet and the extortionists failed.
“It is quite likely that the coders will fix the bugs and start the game over from scratch,” the tech magazine SC Media commented on Wednesday. “That certainly will mean that hashes we have now are no good going forward and we have no idea about the other indicators, though we can imagine that they will change as well.”
30,000 companies, plus many other organisations, in 100 countries were reported to be affected in the three days WannaCry was active, according to the UK’s Institute of Risk Management.
Major retailers have not been widely reported among those affected, so far. FedEx, the German rail network Bahn, and the Spanish phone network Telefonica (parent company to the UK’s O2) were among the highly publicized victims.
An online system for Japanese retailers to place orders for Hitachi’s household appliances was also affected, disrupting deliveries of refrigerators and washing machines. The company has installed new software to fix the problems but said it was still investigating the reason why its systems were targeted.
IT security expert Nazia Khaleeq, director of Globenet Security Ltd, commented that if Hitachi’s deliveries had been seriously affected in Europe this would have been reported.
The UK’s National Health Service was among the worst affected organisations. The NHS’s dependence on old versions of Windows for which security patches were no longer available from Microsoft left it especially vulnerable.
Patrick Keady, chair of the Institute of Risk Management’s Health and Care Sector Interest Group, commented:
“The NHS is unusual because it has so few people with the skills to fundamentally understand risk across the enterprise. While the NHS in England employs 1,300,000 workers, it has just 27 partially/fully trained and experienced enterprise risk managers.”
Experts have suggested that the WannaCry attack was launched without intensive preparation and the perpetrators may even have left the killswitch in the malware to limit possible damage.
“They weren’t expecting to become millionaires with this,” Joffe said.
But now that criminals have seen the impact the malware has had, future attacks could be better planned and more ruthless, experts said.