British security researcher “MalwareTech” helped take down an epidemic of ransom-seeking malware that crippled more than 125,000 computers worldwide last week, but experts say additional attacks are sure to come.
“Another one is coming,” wrote MalwareTech, “quite likely on Monday.”
Last week’s ransomware virus encrypted user files on computer systems in 100 countries, including the UK, Spain, France, and Russia.
The UK’s National Health Service was particularly hard-hit. Spokesmen say 48 hospitals in England were victimized by the malware, plus 13 more in Scotland. UK hospitals canceled procedures in the wake of the virus, routing ambulances to other hospitals that had not been digitally compromised.
The malware worked by encrypting a user’s hard drive and demanding a Bitcoin payment equivalent to $300 for a password that would return the computer to the user’s control. British analysts say the hackers have received more than
After taking computers over, the virus displayed messages demanding a payment of $300 (£230) in virtual currency Bitcoin to unlock files and return them to the user.
BBC analysis of three accounts linked with the global attack suggests the hackers have already been paid the equivalent of $28,500.
MalwareTech “accidentally” halted the spread of the virus by registering a domain name that he hoped would help him track the malware’s spread. The 22-year-old security expert said: “It’s very important that people patch their [Windows] systems now. We have stopped this one, but there will be another one coming and it will not be stoppable by us. There’s a lot of money in this. There’s no reason for them to stop. It’s not really much effort for them to change the code and then start over. So there’s a good chance they are going to do it...maybe not this weekend, but quite likely on Monday morning.”
A Microsoft patch released in March protects against the malware. The security update is generally applied automatically for home users, but large organizations often delay rolling out updates until they have tested the new code for compatibility with vital custom software systems in internal use. That is one reason corporations and organizations like the NHS were particularly hard-hit by the ransomware epidemic.