Play Live Radio
Next Up:
Available On Air Stations
Watch Live

KPBS Midday Edition

Log In, Look Out: Cyber Chaos Spreads With Workweek's Start

A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, May 13, 2017.
Associated Press
A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, May 13, 2017.
Log In, Look Out: Cyber Chaos Spreads With Workweek's Start
Log In, Look Out: Cyber Chaos Spreads With Workweek's Start GUEST: Darin Anderson, chairman, CyberTech San Diego

Organizations in Europe are bracing for an expected second wave of hacker attacks this morning after so-called ransomware attacks disrupted thousand the businesses on Friday, but the software attack seems concentrated on Asian today, perhaps because businesses closed earlier on Friday due to the time difference. The U.S. is not see much of this current hacking which is transmitted by email and it locks users out of their computers and threatens to destroy data if a ransom is not paid. Joining me is Cybertek in San Diego. This ransomware is called wannacry. To we know where it originated and who is responsible? This is been a tricky one in terms of what we call attribution, determining where the source of the hack came from. We are not sure. There are different investigations open, encoding Russia, China,, but this one might even have some connections to the U.S., Canada and Brazil. Vladimir Putin and Brad Smith of Microsoft both pointing to the NSA for the origination of this. The ransomware definitely has some aspects included in some of the so-called kits produced by the and is a clearly we can see in the attacks and some of those tools were used as part of the overall attack. How serious has this been quite What is serious about this is that it is global in nature. Ransomware is an insidious type of malware that locks up your computer by encrypting data contained on the computer but and then usually --. And then usually a hacker asks for a ransom, usually in the form of bitcoin. What is tricky is that it is very broad-based, about 250,000 computers worldwide that we know about across multiple countries. I suspect that the computer numbers will come in much higher. If indeed the national security agency developed this kind of malware, how did other -- anybody else get their hands on it quite Just a few weeks ago there was a big release of NSA hacking kicks -- kits by WikiLeaks and some people are suggesting that tools released in that WikiLeaks leak led to some of the tools being used. Companies, especially in Europe, were bracing for a second wave. Why do you think that has not happened? It is interesting. I think it could be because the adversaries are doing proof of concept. This is a common tactic. Just like in any business enterprise, a trial version. I think they may be trying to figure out if they can actually attack globally, what systems are affected. It is difficult. Asia was less impacted, but I believe that had to do with the fact that computers started up later in the attack. On the other hand, that could have been planned. Clearly, the perpetrators were pretty good at off the skating their footprints. We have some clues and I think we will find out where this came from, but right now it is up in the air. Why do you think the U.S. has not been affected so much? I think we are getting better at ransomware attacks. Really midsize and small businesses are the ones that find themselves most targeted. I should say most susceptible to the attacks. Large companies have gotten better at pushing out these attacks. The other thing is, you don't necessarily hear about who is been impacted because if someone is going to pay rent the, they may not actually let it be known that they did. Apparently a software patch against the malware was issued back in March by Microsoft. The question computer experts are asking is why has not that that's why hasn't that been installed by more users? It is always a question of what I call malware and security hygiene for companies just get behind in their release cycles and leave computers unpatched and vulnerable. Do you know of companies who have paid ransom? Yes. Some companies stash certainly some comfort -- some hospitals and universities in town had actually paid. But I would say that certainly Fortune 500 companies many midsize companies across America are actually unfortunately finding a cheaper to pay the ransom which by the way may sometimes be as little as 25,000 or $30,000. The attackers know that if the right price of where to bring in that request for span -- ransom is, and a lot of times it is easier to pay a cost then bear the burden of all the things you need to go to or lose your data. When you say organizations and how, do you mean San Diego. Yeah. I was referring to San Diego but we work on a national basis, we are definitely seeing a kind of attack across the country, across the world. Companies adeptly paying them. Besides making sure to update software, what other precautions can someone take to dash dash Mac You want to make sure your computers are patched and updated and that your employees are trained because in many cases what are starting these attacks is some type of fishing email. So keep your eyes open. Look for small differences in the email. If you're getting a requested says I must have something now, take the extra minute to check that out and call the person that the email pretends to be fun to make sure things are copacetic. I have been speaking with Cybertek in San Diego. Thanks a lot.

Global cyber chaos was spreading Monday as companies booted up computers at work following the weekend's worldwide "ransomware" cyberattack.

The extortion scheme created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear. The initial attack, known as "WannaCry," paralyzed computers running Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected along with hundreds of thousands of devices.


The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.

Government agencies said they were unaffected. Companies like Hitachi and Nissan Motor Co. reported problems they said had not seriously affected their business operations.

In China, universities and other educational institutions were among the hardest hit, about 15 percent of the internet protocol addresses attacked, according to the official Xinhua News Agency.

That may be because schools tend to have old computers and be slow about updates of operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank.

Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services also were affected, Xinhua said, citing the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.


Elsewhere in Asia, officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact.

The most public damage in South Korea was to cinema chain CJ CGV Co. It was restoring its advertising servers at dozens of theaters after the attack left the company unable to display trailers of upcoming movies.

The attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others. Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported troubles.

Experts were urging organizations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft Corp. to limit vulnerability to a more powerful version of the malware — or to future versions that can't be stopped.

Paying the ransom will not ensure any fix, said Eiichi Moriya, a cyber security expert and professor at Meiji University.

"You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return."

New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet.

Ryan Kalember, senior vice president at Proofpoint Inc. which helped stop its spread, said the version without a kill switch could spread. It was benign because it contained a flaw that prevented it from taking over computers and demanding ransom to unlock files but other more malicious ones will likely pop up.

"We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," Kalember said.

The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment — $300 at first, rising to $600 before it destroys files hours later.

Just one person in an organization who clicked on an infected attachment or bad link, would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response.

"That's what makes this more troubling than ransomware was a week ago," Thakur said.

The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat," said Rob Wainwright, the head of Europol, Europe's policing agency.

"The numbers are still going up," Wainwright said.

Microsoft's top lawyer is laying some of the blame at the feet of the U.S. government. Brad Smith criticized U.S. intelligence agencies, including the CIA and National Security Agency, for "stockpiling" software code that can be used by hackers. Cybersecurity experts say the unknown hackers who launched this weekend's "ransomware" attacks used a vulnerability that was exposed in NSA documents leaked online.

It was too early to say who was behind the onslaught, which struck 100,000 organizations, and what their motivation was, aside from the obvious demand for money. So far, not many people have paid the ransom demanded by the malware, Europol spokesman Jan Op Gen Oorth told The Associated Press.

Researchers who helped prevent the spread of the malware and cybersecurity firms worked around the clock during the weekend to monitor the situation and install a software patch to block the worm from infecting more computers in corporations across the U.S., Europe and Asia.

"Right now, just about every IT department has been working all weekend rolling this out," said Dan Wire, spokesman at Fireeye Security.

Installing the Microsoft patch is one way to secure computers against the virus. The other is to disable a type of software that connects computers to printers and faxes, which the virus exploits, O'Leary added.

Microsoft distributed a patch two months ago that could have forestalled much of the attack, but in many organizations it was likely lost among the blizzard of updates and patches that large corporations and governments strain to manage.