The massive ransomware campaign across 99 countries is seen by cybersecurity experts as one of the worst cyberattacks ever. Ransomware is a type of malicious code that encrypts a user's data until they pay up.
The campaign has taken down scores of large-scale institutions, most significantly the NHS and its network of hospitals and Spanish telecommunications giant Telefonica, as well as hundreds of internet users. Kaspersky Lab's latest figures indicate over 45,000 attacks across 99 countries, with Europe and Russia being hit the hardest. Malware Tech Blog's latest map indicates 104,118 attacks as of 13 May 6.30am GMT.
The ransomware, which originates from the theft of the NSA's "cyber weapons" by hacking group Shadow Brokers, is being dubbed "WanaCrypt0r 2.0" or WannaCry. It exploits a vulnerability in Windows for which Microsoft released a patch. Many computers that did not install the security update remain vulnerable.
IBTimes UK spoke to various cyber experts to understand who is to blame, why its broad scale is such a big concern and how entities need to be more aware of such attacks in future.
The group or groups behind the attacks are not yet known, but Phillip Hallam-Baker, principal scientist at global cybersecurity firm Comodo, blames US intelligence agencies for failing to defend their systems in the first place.
"The US government clearly had its priorities wrong. These weapons should be properly secured. Imagine if someone had lost a nuclear weapon, heads would have rolled," says Baker.
While nuclear arsenal info may not have been stolen, the attacks managed to cripple thousands of systems. The worst affected was the NHS, which was forced to divert patients as hundreds of staff were locked out of their systems. CFC Underwriting estimates the losses borne by UK companies, including the NHS, could amount to nearly £100m.
"Patient diversion, system restoration, and a whole host of other costs will begin to add up. This strain is one of the fastest-spreading and most damaging that we've seen and if it continues at its current rate, this could end up costing UK businesses in excess of £100m," says Graeme Newman, Chief Innovation Officer at CFC.
Generally, ransomware attacks are well targeted, but attacks on this massive scale look to be scattered and random, according to researchers.
David Emm, principal security researcher at Kaspersky Lab, says: "The attackers asking for $300 suggests it is a random attack rather than a targeted attack; if a cyber criminal can impact so many systems at once, why not ask for lots of money?"
However, the technique shows sophistication and an increased threat, as the ransom message was translated into 28 different languages. Such an advanced exploit mechanism calls for even greater spending by firms on cybersecurity, according to experts.
"Prevention needs to be at the forefront of any ransomware strategy," says Nick Pollard, Security Intelligence Director at Nuix. "Since the endpoint is ground-zero for ransomware attacks, the ability to detect and put a stop to malicious behaviour as early as possible in the kill chain is a priority," he adds.
What is worrisome is that there is no tool to decrypt the data held by the ransomware as of now, even as security experts continue to investigate the scale of the attacks. Meanwhile, security researchers are alerting Windows users to patch their systems as quickly as possible to stay safe from the ransomware attack.