NEW YORK (CBSNewYork/AP) — Homeland Security Advisor Tom Bossert said less than $70,000 has been paid in a “ransomware” scheme that has infected more than 300,000 computers across the globe.
Global computer disruptions following last week’s global “ransomware” cyberattack as computers that were turned off over the weekend are being turned back on.
“The U.S. infection rate has been lower than in many parts of the world, but we may still see significant impacts in additional networks as these malware attacks morph and change,” Bossert said.
The initial attack, known as “WannaCry,” locked up more than 200,000 computers in more than 150 countries on Friday. The virus displayed messages demanding a payment of $300 to unlock files.
The attack appears to exploit a weakness, exposing a vulnerability to Microsoft’s operating systems, that was purportedly identified by the U.S. National Security Agency and leaked to the internet.
When Bossert was asked what the bottom line was for the average consumer, he said, “Patch your software. Provide automated patch support if you can – turn that automated on. Make sure your IT service providers or IT folks within your corporation are patching your software. This particular malware and the three reported variants that we’ve all seen since is all fixable with a patch that you can get from Microsoft.”
Factories, hospitals, shops and schools were affected last week. Europe and Asia took the brunt of the attack, but the U.S. was mostly spared.
A computer engineer in Michigan stopped the attack by finding a “kill switch” left by the ransomware creator. But cybersecurity experts warn more malicious variations could appear.
“The concern being that potentially a new variant of this ransomware could show up on Monday,” vice president of intelligence at Crowd Strike Adam Meyers said. “And it would take a lot more effort to try to stop that next wave of attack.
Chris Wysopal of the software security firm Veracode says criminal organizations are likely behind this, given how quickly the malware has spread. He says “for so many organizations in the same day to be hit, this is unprecedented.”
Homeland security officials held a meeting over the weekend to assess the threat.
Microsoft issued a security update on March 14 about vulnerabilities in the Windows system. But many companies and individuals haven’t installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn’t fix.
In a statement over the weekend, Microsoft President Brad Smith said “the governments of the world should treat this attack as a wake-up call.”
As for who is behind the attack, Bossert said, “We don’t know. That’s the attribution that we’re after right now. It’d be very satisfying for me, for all of our viewers I think if we find them and bring them to justice.”
(© Copyright 2017 CBS Broadcasting Inc. All Rights Reserved. The Associated Press contributed to this report.)