While Europol is worried about people going back to work, security researchers are afraid of a brand new attack

May 14, 2017 19:45 GMT  ·  By

Europol is spreading bad news today as it has announced that a new wave of WannaCry ransomware infections, even worse than the first, is coming on Monday. 

The European law enforcement agency estimates that so far there are some 200,000 victims of WannaCry and the number keeps growing. Furthermore, the number of affected countries has grown from a little over 100 to over 150.

Robert Wainwright, executive director of Europol, told ITV that the number of infections is expected to go up on Monday morning, mostly because people will be back to work and firing up their computers.

Even Indonesia's government has issued a warning about this ahead of people starting the work week.

"We're in the face of an escalating threat, the numbers are going up. I'm worried about how numbers will continue to grow when people go to work and turn their machines on on Monday morning," said Wainwright.

The Europol chief admitted they've never seen anything like this. "We've seen the rise of ransomware becoming the principal cyber threat, but this is something we've never seen before - the global reach is unprecedented," he added.

Europol, the law enforcement and intelligence agency of the European Union, is working alongside the FBI to track down the attackers behind the WannaCry ransomware, but his is proving to be a very difficult job. Of course, when it comes to catching cyber criminals, it's never easy.

It's not just state officials and law enforcement that are issuing warnings about the coming week but also security researchers. The 22-year-old researcher that figured out WannCry had a kill switch, MalwareTech, has told the BBC that another attack is coming, quite likely on Monday.

Therefore, on Monday, we're quite likely to see an overlap of two situations. On the one hand, more computers will go online as people go back to work, and on the other, we're going to see a brand new attack unleashed on the world.

Experts issue warnings

"With the success of the initial infection of WannaCry, it wouldn’t be at all surprising to see the next iteration released soon. Although there has been a significant amount of interest in the media and inescapable coverage of the outbreak, many systems will still be lacking the MS17-010 patch required to mitigate the threat," Gavin Millard, EMEA Technical Director of Tenable Network Security.

"For users that are rightfully concerned about another WannaCry wave, updating their system to remove the vulnerability that it targets and blocking SMB traffic (Ports 139 and/or 445) to any system that can’t be updated is critically important. A quick check on Shodan, the search engine for devices connected to the internet, yielded 229,000 Windows systems with SMB exposed and remotely accessible. Not all of these will be vulnerable, but many could well be leverage to spread this aggressive ransomware further or be a point of entry into organizations," he added.

The complicated WannaCry ransomware

WannaCry takes advantage of a Windows vulnerability that was being exploited by the NSA. The problem was made evident after hacker group Shadow Brokers dumped some classified NSA files online detailing one of its programs.

Soon after, Microsoft released a patch to fix this vulnerability, but since most people don't really install those Windows updates that keep pestering us, the number of individuals exposed is high. Following the WannaCry attack, Microsoft also released a patch for Windows XP and 2003, even though they were no longer supported.