Homeland Security Advisor Tom Bossert speaks about recent cyber attacks during a briefing at the White House.
Photo: Mark Wilson

Local computer experts say preparation key to beating ransomware

The “ransomware” cyberattack that hit companies and governments around the world slowed in intensity on Monday, though experts warned that new versions of the computer virus could emerge.

Thousands more infections were reported Monday, largely in Asia, which had been closed for business when the malware first struck Friday. The cases were more contained, however, than the systemic outbreak that last week paralyzed computers running factories, banks, government agencies and transport systems around the world.

Many of the 200,000 victims in more than 150 countries were still struggling to recover from the first attack of the so-called “WannaCry” virus.

As cybersecurity firms worked around the clock to monitor the situation and install a software patch, new variants of the rapidly replicating malware were discovered Sunday. One did not include the so-called kill switch that allowed researchers to interrupt the malware’s spread Friday by diverting it to a dead end on the internet.

Local computer network experts said Monday it was one of the more vicious ransomware attacks they have seen.

Simply opening the wrong email — never mind clicking a malicious link — will send the new ransomware virus scurrying through a user’s computer network, said Jack Gerbs, chief executive of Quanexus Inc.

“From what we’re hearing, inside track, users just have to open the email,” Gerbs said. “You don’t even have to click on a link for this one to spread.”

The attacks are called “ransomware” because they encrypt most of the files on a user’s computer. The malware then demands that a ransom be paid in order to have the files decrypted.

Once the virus is lodged in a computer network, its communication protocol will spread from one computer to other computers, the Quanexus CEO said. “Every machine is going to get infected once that one machine gets infected.”

Gerbs said early Monday he had not heard of the virus troubling local users, but he was still waiting to hear from clients.

“I’m not expecting our phones to ring, but I came in here not knowing,” he said.

Computer and network professionals have kept their eye on this particular virus strain or malware since at least March, he said.

The key, Gerbs emphasized, is to keep Microsoft software updated, or “patched.”

It’s not enough to be aware of emails from strangers, said CEO Shawn Waldman, of Secure Cyber Defense LLC. Don’t trust anything that doesn’t look quite right, even from people you know, he said.

“Always be on the lookout for suspicious emails, from people you know and from people you don’t know,” Waldman said. “Don’t click on suspicious attachments. Listen to your gut. If it looks wrong or it looks too good to be true, it probably is.”

Waldman said his local customers have been able to avoid the problem thus far.

The “WannaCry” attacks were reported to have hit British hospitals especially hard. In a statement, a spokesman for Premier Health, the region’s largest hospital system, said the attack has not affected Premier hospitals or computer systems.

“We were notified promptly of the incident on Friday and worked with our partners throughout Friday evening to ensure our networking environment is as safe as possible,” the Premier statement said. “Our partners continue to monitor our network around-the-clock for any suspicious activity.”

The initial ransomware spread is coming through spam, in which fake invoices, job offers and other “lures” are being sent out to random email addresses, Premier said. Within the fraudulent emails is a .zip file. Clicking on that file allows a computer to be infected, the company said.

Eric Geier, owner of On Spot Techs, said that he had only one concerned customer asking about the weekend attacks.

His advice: Buy good anti-virus software, like Norton or Bitdefender, and extra protection, like MalwareBytes. Use a full backup solution that saves prior versions of files, he said.

Make sure your Windows and other software applications are kept up-to-date. And beware of scammers cold-calling you warning of a virus or other computer issue.

“No legit company will call you first,” Geier said.

The Miami Valley Regional Planning Commission was hit with a ransomware attack in 2015, though the commission’s IT staff were able to deal with the problem in less than an hour at that time. Laura Loges, an MVRPC spokeswoman, said the organization’s IT staff had readied some protections and the commission suffered no problems in this latest attack.

“We’re kind of being proactive in that regard,” Loges said.
