REDMOND, Wash. (AP) — A cybersecurity expert says the biggest cyberextortion attack in history is going to be dwarfed by the next big ransomware attack.
Ori Eisen, an expert in Arizona, says the cyberattack Friday that held hospitals, factories and government agencies hostage around the world appears to be “low-level” stuff, given the ransom demands.
But he says the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.
Eisen says “this is child’s play, what happened. This is not the serious stuff yet. What if the same thing happened to 10 nuclear power plants, and they would shut down all the electricity to the grid? What if the same exact thing happened to a water dam or to a bridge?”
Eisen says the internet itself is diseased and these attacks will continue until some serious restructuring is done.
He says “today, it happened to 10,000 computers … there’s no barrier to do it tomorrow to 100 million computers.”
A young cybersecurity researcher has been credited with helping to halt the spread of the global ransomware cyberattack by accidentally activating a so-called “kill switch” in the malicious software.
The 22-year-old Britain-based researcher, identified online only as MalwareTech, found that the software’s spread could be stopped by registering a garbled domain name.
The paper quoted the researcher as saying: “This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again.”
He urged Windows users to update their systems and reboot.
The worldwide cyberextortion attack has been called “unprecedented” by Europol, which is investigating who is behind it.
The worldwide cyberextortion attack has prompted Microsoft to take the unusual step of making security fixes available for older Windows systems.
Before this, Microsoft had made fixes for older systems, such as 2001’s Windows XP, available only to mostly larger organizations that pay extra for extended support. But millions of individuals and smaller businesses still had such systems.
Microsoft says now it will make the fixes free for everyone.
Friday’s attack was based on a Windows vulnerability that was purportedly identified by the U.S. National Security Agency and was later leaked to the internet.
Microsoft released fixes for the vulnerability in March, but computers that didn’t run the update were subject to the ransom attack. Once inside an organization’s network, the malware behind the attack spread rapidly using this vulnerability.
© Copyright 2017 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.