As a second wave of the WannaCry Ransomware attack is infecting more systems in more countries, the White House has ordered emergency meetings to deal with a threat that is, in part, the NSA’s fault. Experts believe that we may not even know the extent of how hard the attack hit Asia, and we won’t know until Monday.
WannaCry is believed to have originated from a set of hacking tools that were leaked online by a group of hackers known as the Shadow Brokers. One tool was a vulnerability in Windows that the NSA had kept secret from Microsoft in order to give themselves a back door when they needed it. When the leaks occurred, Microsoft patched the vulnerability, but the events that kicked off on Friday demonstrated that many, many systems weren’t up to date. At this point, 200,000 victims in 150 different countries are known to have been affected. The attackers have locked up users’ data and are demanding between $300 and $600 for the encryption key.
The NSA is now partially responsible for the global havoc that has caused hospitals to turn away patients, manufacturing to shut down, ATMs to go dark, and long shifts for cybersecurity professionals. According to reports from multiple outlets, some of those cybersecurity professionals work for the U.S. Cyber Response Group that has been huddled with Homeland Security Adviser Tom Bossert all weekend.
The relatively new group now has the unenviable task of cleaning up the NSA’s mess, and protecting systems in the U.S. from further attacks. So far, America has been pretty lucky, and infections here have been minimal. According to Politico:
The ransomware campaign — which has gone through at least two phases as researchers worked to halt its advance — mostly affected Europe and Asia. But at least two public universities in the United States have reported infections, according to a spokeswoman for a cyber-information-sharing organization dedicated to state and local governments.
A DHS official told POLITICO late Friday that the malware had not yet infected U.S. government agencies and critical infrastructure organizations, such as hospitals and power plants.
But many experts are afraid the beginning of the new work week will bring more attacks and reveal ones that already existed that went unnoticed. Many workers in Asia had already finished their business for the day on Friday. It’s possible that people could be heading into the office to find a nasty surprise. And despite the best efforts of a young security researcher in the U.K. who goes by MalwareTech, the temporarily halted ransomware has simply been altered and is being spread by copycats. “We are in the second wave,” Matthieu Suiche of Comae Technologies, tells the New York Times. “As expected, the attackers have released new variants of the malware. We can surely expect more.”