The malware includes an encryption package that automatically downloads itself to infected computers, locking up almost all of the machines' files and demanding payment of $300 to $600 for a key to unlock them. He added that the rate of infection has slowed over the weekend.
"Clearly having the vulnerability be in Microsoft software was one of the key elements", said Steve Grobman, chief technology officer of McAfee, a security company in Santa Clara, California.
Alan Woodward, visiting professor of computing at the University of Surrey, said there was evidence the ransomware was spreading using a Microsoft flaw exposed in a recent leak of information from USA intelligence agencies. "But there's clearly some culpability on the part of the U.S. intelligence services".
Security officials in Britain urged organizations to protect themselves by installing the security fixes, running antivirus software and backing up data elsewhere.
Businesses and networks across Asia are coping with the first wave of WannaCry during their workweek.
He said Russian Federation and India were hit particularly hard, largely because Microsoft's Windows XP - one of the operating systems most at risk - was still widely used there. If we identify more opportunities to take action, we will do so. Using a cloud-storage service doesn't mean your data will be completely secure, as these companies could also be hacked, but they have better security than individuals and should be able to respond more quickly to an attack.
Japanese broadcaster NTV reported 600 companies in that country had been hit, and automaker Nissan and the Hitachi conglomerate said they were addressing the problem at their units that were affected. In India too, there have been reports of some systems of Andhra Pradesh Police being affected. Doctors' practices and pharmacies reported similar problems.
Malware-tracking maps show WannaCry has remained active in Europe over the past 24 hours. The National Cyber Security Centre said it had detected 188 "high-level" attacks in just three months.
Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.
Europol said a special task force at its European Cybercrime Centre was "specially created to assist in such investigations and will play an important role in supporting the investigation".
The identity of whoever deployed the software remains unknown.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the US National Security Agency, that leaked online in April. He said the situation is now under control. Although Microsoft released fixes in March, the attackers counted on many organizations not getting around to applying those fixes. "And they're taking advantage of it". "The only options are to wipe the machines and move on or to pay the ransom". Updating software will take care of some vulnerability. The malicious software - called "ransomware" because it encrypts systems and threatens to destroy data if a ransom is not paid - is spreading among computers that have not been patched, experts said.
"In this case, when we registered it, it turned out to be a kill switch", Salim Neino, CEO of Kryptos Logic, which employs MalwareTech as a cybersecurity researcher, told ABC News.
Researchers discovered at least two variants of the rapidly replicating worm Sunday and one did not include the so-called kill switch that allowed them to interrupt its spread Friday by diverting it to a dead end on the internet. So, when the malware makes a request to that domain, if the domain is alive, it enables the kill switch and the spreading comes to halt. And now, after an anonymous British blogger finds a way to stop it, they are back with a newer version after updating their code.
He also suggested to update the systems as soon as possible in twitter.
Back up your computer and store the safety version in the cloud or on a drive that is not connected to your computer.
As you know, many of our customers were affected by this attack. And remember that any account can be compromised. This will make it much easier to spot potentially malicious files. It can infect other computers on the same wireless network.
- Cornyn says he won't be Federal Bureau of Investigation director
- U.S. should take some of blame for massive cyberattack, Chinese media says
- Ransomware cyberattack a wake-up call
- Lewis Hamilton WINS Spanish Grand Prix after epic battle with Sebastian Vettel
- Amazon Refreshes Fire Tablets, Keeps Low Price Tag
- Massive ransomware attack hits 74 countries
- Leonardo Jardim pense à un départ — AS Monaco
- Warriors throttle Spurs to take 2-0 lead
- The Penguins, NHL can't get story straight on Sidney Crosby
- Ligue 1: Monaco quasi au paradis, suspense en bas du classement