The hackers behind the massive WannaCry ransomware attacks are now reportedly being hunted by law enforcement authorities across the globe. The attacks, which began over the weekend hit hundreds of thousands of organisations across 150 countries and had the infosec community scrambling to discover more about the attacks to mitigate the scope of the attacks and defend against further attacks.
Even as security researchers continue to discover new, destructive WannaCry variants, authorities across the globe have kick-started the hunt for the cybercriminals responsible for the attacks.
"We are deploying all covert and overt means available to us," Lynne Owens, Director General of the National Crime Agency (NCA), said in a statement.
"We're trawling through huge amounts of data associated with the attack and identifying patterns," ZDNet quoted Owens as saying. The NCA is collaborating with other international law enforcement authorities, including the FBI, Europol and Interpol to identify the attackers.
"Because of the quantity of data involved and the complexity of these kinds of enquiries we need to be clear that this is an investigation which will take time," said Owens."But I want to reassure the public that investigators are working round the clock to secure evidence and have begun to forensically analyse a number of infected computers."
"We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally. DHS has a cadre of cybersecurity professionals that can provide expertise and support to critical infrastructure entities," the Department of Homeland Security said in a statement.
Threat of future attacks remains
Despite the spread of the attacks having been stopped, security experts have warned about a fresh wave of ransomware attacks. Several new strains of the WannaCry ransomware have been detected, with one already active in the wild. "An additional variant containing a new kill switch domain was found today," Proofpoint threat research manager Christopher Lezzoni told IBTimes UK.
Numerous businesses in China and Hong Kong were affected by fresh attacks as the week began, according to the South China Morning Post.
Kaspersky Lab told us in an emailed statement that as of 15 May, it had noted "500 new attempted WannaCry attacks". The firm added: "By comparison, on Friday 12th there were six times as many attempts during the first hour alone. This suggests the infection may be coming under control."
"We do not believe any of these variants were created by the original authors - most likely they were patched by others keen to exploit the attack for their own ends," Kaspersky added.
Security firm Cyphort also discovered a new WannaCry variant without a kill switch, which they said was currently "live in the wild" and infecting systems in at least four countries. Cyphort researcher Mounir Hahad told us: "This discovery clearly shows the threat actors have a pulse on the progress of their campaign and are able to quickly turn around enhancements to work around the security industry. It also shows they are confident of their steps: instead of backing off and hide after causing so much damage, they boost their campaign."