New variants of the NSA-derived cyberattack already spotted

Updated Nov 22nd, 2019 4:32AM EST
BGR

The world is facing the most dangerous cyberattack it has had to deal with so far, and it’s an attack that can’t be stopped entirely for the time being. Created by the NSA and set up to take advantage of a Windows security issue, the WannaCry ransomware crippled businesses and state-run organizations around the world as the malware spread from computer to computer. A British security researcher was able to put a temporary stop to it, heavily decreasing its virality, but the WannaCry threat isn’t gone and will affect more Windows users on Monday as they return to work.

The critical aspect of WannaCry is that it can spread through organizations that share files — which is what businesses and governments do — without the user’s knowledge. That’s why no computer is safe, as long as it’s not running the latest updates.

Microsoft released a critical update in March, following revelations that a server belonging to the NSA was robbed, with hackers stealing critical exploits the agency used for its own hacking purposes.

However, not all Windows users updated their systems, especially organizations that rely on older systems. That is why WannaCry worked the way it did. The attack took the world by surprise, with targets scrambling to fix it. Microsoft even went ahead and issued security patches for older Windows versions it no longer supports, including Windows XP.

The company also blasted governments for their practice of stockpiling vulnerabilities like the one that made WannaCry possible, rather than disclosing them to software makers so they can’t be used by hackers.

“[This] attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Microsoft said in a blog post.

“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”

According to Bloomberg, the hackers made around $50,000 from the attack. WannaCry encrypts the data on a computer, and the user has to pay $300 in Bitcoin to receive the decryption key. Bitcoin payments are all traceable online, and that’s how researchers figured out how much money hackers made to date — however, there’s no way to identify the hackers using their Bitcoin addresses.

Meanwhile, The Washington Post reports that more computer systems have been hit in Europe and Asia on Monday.

The malware has hit more than 200,000 targets in 150 countries since Friday, and the situation might worsen if computer systems aren’t updated to the latest Windows versions. The Post says that a new variant of the malware was spotted on Sunday and that it doesn’t include the kill switch that allowed the British researcher to divert the malware to a website. That variant does not encrypt computers because it has a flaw, but that doesn’t mean hackers will not keep releasing others.

The initial WannaCry code included a way to stop the spread of the malware. The program would check whether an obscure website was online before propagating to other computers in the same network. The domain was not registered, so the virus simply moved on to new targets until a researcher bought it for $11.
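
The kill-switch check described above also leaves a trace defenders can use: a machine on the network that looks up that domain is worth checking for infection. The following is an added example, not part of the original article, that scans DNS resolver logs for such lookups. The log format, IP addresses, timestamps and the placeholder domain are constructed, since the article does not name the domain.

```python
from collections import defaultdict

# Placeholder only: the article does not name the kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log (hypothetical format):
# "<ISO timestamp> <client IP> <query type> <queried name>"
SAMPLE_LOG = """\
2017-05-15T08:01:12Z 10.0.4.17 A www.example.org.
2017-05-15T08:01:13Z 10.0.4.23 A KillSwitch-Placeholder.example.
2017-05-15T08:01:15Z 10.0.4.23 A killswitch-placeholder.example
2017-05-15T08:02:40Z 10.0.7.5 AAAA killswitch-placeholder.example.
2017-05-15T08:03:02Z 10.0.4.17 A notkillswitch-placeholder.example.
malformed line
2017-05-15T08:04:55Z 10.0.9.9 A www.killswitch-placeholder.example.
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def hosts_querying_kill_switch(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: (query_count, first_seen, last_seen)} for clients
    that looked up the kill-switch domain or one of its subdomains."""
    domain = normalize(domain)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        timestamp, client, _qtype, qname = parts
        name = normalize(qname)
        # Match on a label boundary so "notkillswitch-..." is not flagged.
        if name == domain or name.endswith("." + domain):
            hits[client].append(timestamp)
    # Same-format ISO timestamps sort correctly as strings.
    return {c: (len(ts), min(ts), max(ts)) for c, ts in hits.items()}


if __name__ == "__main__":
    for client, (count, first, last) in sorted(
        hosts_querying_kill_switch(SAMPLE_LOG).items()
    ):
        print(f"{client}: {count} lookup(s), first {first}, last {last}")
```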

Chris Smith Senior Writer
