Ransomware Attack Raises Concerns Over Future Assaults

© 2017 New York Times News Service

Governments and organizations around the world grappled on Wednesday to contain a cyberattack that struck parts of Europe, the United States and Asia, the second time in two months that hackers have tried to shake down computer users, threatening to delete their data unless they paid up.

The worldwide cyberattack, which began and was most prevalent in Ukraine, has raised concerns that similar attempts will become more widespread as hackers mimic the same techniques in copycat digital assaults.

Experts said that the most recent attack was less severe than a similar hacking in May, when software called WannaCry introduced the term “ransomware” to much of the world. It forced the closure of hospitals in Britain, and it disrupted other vital infrastructure, mostly in Europe.

Yet as law enforcement, governments and companies from the United States to India assessed the damage of the new attack, many cautioned that people should be prepared for such events to become a regular danger as criminals worldwide looked to take advantage of vulnerabilities in organizations’ digital infrastructure.

“It’s pretty clear that this attack was inspired by WannaCry,” said Gavin O’Gorman, an intelligence analyst at Symantec, a cybersecurity company.

Like the WannaCry attack last month, computers struck by the virus displayed a message that their data had been encrypted and demanded a ransom — in this case, $300 — to decrypt it.

The reason the cyberattack was less widespread was not immediately clear, though experts expressed doubt that the world had learned its lesson and prepared properly. So far, it has generated more than $10,000 in ransom payments.

Brian Lord, former deputy director for intelligence and cyber operations at Britain’s Government Communications Headquarters, the country’s equivalent to the NSA, said the attackers had made it overly complicated for individuals to pay the potential ransom.

He said that, rather than aiming for financial rewards, the hackers were trying to create the largest amount of disruption — particularly in Ukraine where the digital attack began.

“They get a double whammy from the initial cyberattack, and then from organizations being forced to shut down their operations to avoid spreading the attack,” said Lord, now managing director for cyber and technology at PGI Cyber, an online security company. “That causes the most amount of disruption.”