World Struggles to Cope in Ransomware Aftermath


Users find affected computers are encrypted, still impossible to use.

Businesses around the world are still recovering from the effects of last week's Wanna Cry ransomware epidemic.

The malware, which targeted Windows computers, affected systems that hadn't applied critical security patches distributed by Microsoft in March.

The ransomware struck users in 150 countries, experts say, encrypting hard drives and denying users access to their computers until they paid $300 in Bitcoin funds for the decryption key.

Especially hard-hit were large businesses and other organizations that had delayed applying security patches. Corporate IT departments sometimes postpone applying even critical patches until the new code has been tested to ensure compatibility with internally written software. That's why the effects of Wanna Cry were felt primarily by businesses and governments.

In the UK, the ransomware crippled hospitals, clinics, and doctors' offices. Many healthcare locations found themselves unable to schedule appointments or access patient records.

A security researcher found a way to halt the spread of the malware, but the solution did nothing to help users and businesses gain access to locked-up systems.

Experts say the ransomware was particularly effective in targeting factories, banks, government agencies, transport systems, and other large organizations. Russia's interior ministry and America's FedEx Corp. reported particular damage.

Renault closed one of its French auto plants on Monday so security experts could deal with the effects of the attack.

The nonprofit Japan Computer Emergency Response Team Coordination Center said about 2,000 computers were affected in Japan at 600 sites. Minor infections were reported at Japanese companies, including Hitachi and Nissan Motor Co.

Chinese government sources said more than 29,000 Chinese institutions had been infected.

Experts say the only way to prevent infection by future variants of the malware is to apply Windows patches promptly.

New versions of the malware have begun appearing. One, experts say, did not included the "kill switch" that allowed researchers to halt the spread of the original. That variant had a software bug that prevented it from locking down users' computers completely, said Proofpoint senior VP Ryan Kalember, but that doesn't mean unpatched computers are safe. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," he said.