We have not seen the last of ransomware attacks and more of them will follow soon, warn cyber-security experts.
Thousands of computers in the UK continue to remain vulnerable to potent malware and ransomware attacks.
Last Friday, a new form of ransomware named WannaCry infected as many as 200,000 systems around the world. The NHS was among the worst-hit, with as many as 16 NHS organisations reportedly affected by it. Not only did the ransomware attack affect computers and equipment, but also telephone systems, making it difficult for patients and relatives to contact individual trusts. The malware included bitcoin virus pop-ups demanding $300 in three days to return patient data to the NHS.
While some NHS trusts have found ways around the ransomware, a lot of them are still unable to cope with it and may need to invest heavily in cyber-security to ward off future attacks. However, cyber-security experts warn that the NHS and other organisations may not have seen the last of potent ransomware attacks.
The main reason why WannaCry was so successful was that hundreds of thousands of computers around the world are still running outdated operating systems like Windows XP. "This problem is made worse by the presence of so many agency staff who inevitably will have less cyber security training. Stories of passwords taped to screens or computer mice are common: it’s not really laziness but rather the prioritising of operational efficiency at the expense of security," said a report from Business Reporter.
Researchers believe many new strains of the new malware are now coming up to take advantage of similar vulnerabilities in systems across the globe.
“We are in the second wave. As expected, the attackers have released new variants of the malware. We can surely expect more,” said Matthieu Suiche of cyber-security firm Comae Technologies. “At the moment, we are in the face of an escalating threat. The numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.”
“This vulnerability still exits; other people are bound to exploit it. The current variant will make its way into antivirus software. But what about any new variants that will come in the future?” said Robert Pritchard, a cyber-security expert to The Irish Times.
The British Government is reportedly spending £50 million to modernise NHS systems and improve cyber-security, but it remains to be seen if the government will be able to move fast enough to destroy malware as soon as they emerge.
"Something like this was always inevitable. While organisations are distracted by high profile dramatized threats, such as Russian election hacking, they are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks like this. Until basic cyber hygiene is taken seriously, these attacks will continue to happen at this scale with an impact disproportionate to the nature of the attack," Brian Lord OBE, former Deputy Director GCHQ Cyber and Intelligence.