Microsoft Windows users, brace yourselves. People are worried a second wave of cyberattacks could strike around the world on Monday as employees return to their desks and log onto their computers.
Security experts say the unprecedented ransomware attack that on Friday locked up computers across the globe including UK hospital, FedEx, train systems in Germany among other institutions in exchange for payment, could cause even more trouble as the work week begins. On top of that, copycat versions of the malicious software have already started to spread.
“We are in the second wave,” Matthieu Suiche of the cybersecurity firm Comae Technologies told the New York Times on Sunday.
Officials urged companies and organizations to update their Microsoft operating systems immediately to ensure networks aren’t still vulnerable to more powerful variants of the malware known as WannaCry or WannaCrypt.
The outbreak, which began last Friday, is already believed to be the biggest online extortion scheme ever recorded.
WannaCry locks up computers, encrypts their data, and demands large Bitcoin payments, which begin at $300 and rise to $600 before the software destroys files hours later. Cyber criminals targeted users in 150 nations, including the U.S., Russia, Brazil, Spain, and India, along with major government agencies, such as the U.K.’s National Health Service and Germany’s national railway.
Two researchers in their 20’s had halted the ransomeware attack on Saturday after discovering and activating the software’s “kill switch.” The temporary fix initially helped slow down the rate of infected computers.
But some networks may have caught the malicious bug after workers went home, meaning the malware is already there, waiting for employees to power up their computers.
“The way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks,” Britain’s National Cyber Security Center said in a statement on Sunday.
“This means that as a new working week begins it is likely, in the U.K. and elsewhere, that further cases of ransomware may come to light, possibly at a significant scale,” officials warned.
The cyber criminals, whose identities are still unknown, also rebounded from the kill switch activation by releasing a second variation of the malware.
Europol, the European Union’s policing agency, said the attack remains an “escalating threat” whose numbers “are still going up” after a brief slowdown on Friday. The agency estimates some 200,000 victims — including 100,000 public and private sector organizations — have been affected since the start of the cyberattack.
The 22-year-old British cyber researcher who found the kill switch said he was now looking into a possible second wave of attacks.
“It’s quite an easy change to make, to bypass the way we stopped it,” MalwareTech, who uses an alias, told the Associated Press.
The WannaCry malware exploits a vulnerability in Microsoft Windows that was reportedly developed and used by the U.S. National Security Agency. Experts said this vulnerability has been known for months, and Microsoft had fixed the problem in updates of recent versions of Windows. But many users did not apply the software patch, AP reported.
So, in case you needed another reminder, update your software often. And maybe change your passwords while you’re at it.