KONFRONTASI-Businesses around the world scrambled on Saturday to prepare for a renewed cyber attack, convinced that a lull in a computer offensive that has stopped car factories, hospitals, schools and other organizations in around 100 countries was only temporary.
The pace of the attack by a destructive virus dubbed WannaCry slowed late on Friday, after the so-called "ransomware" locked up more than 100,000 computers, demanding owners pay to $300 to $600 get their data back.
"It's paused but it's going to happen again. We absolutely anticipate that this will come back," said Patrick McBride, an executive with cyber-security firm Claroty.
Symantec predicted infections so far would cost tens of millions of dollars, mostly from cleaning corporate networks. Ransoms paid so far amount to only tens of thousands of dollars, one analyst said, but he predicted they would rise.
Companies rushed to protect Windows systems with patches that Microsoft released last month and on Friday. WannaCry exploited a vulnerability to spread itself across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet in March by a hacking group known as the Shadow Brokers. The group claimed it was stolen from a repository of National Security Agency hacking tools. The agency has not responded to requests for comment.
The identity of the Shadow Brokers is not known, though many security researchers say they believe they are in Russia, which is a major source of ransomware and was one of the countries hit first and hardest by WannaCry.
Cyber security experts, who have been on watch for months for an "Eternal Blue"-based attack, said on Saturday that they expect the computer code to be used in types of cyber attacks beyond extortion campaigns, including efforts to seize control of networks and steal data.
Governments and private security firms on Saturday that they expect hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate. Those expectations prompted businesses to call in technicians to work over the weekend to make sure networks were protected with security updates needed to thwart Eternal Blue.
"It's all hands on deck," said Shane Shook, an independent security consultant whose customers include large corporations and governments.
Guillaume Poupard, head of France’s national cyber security agency, told Reuters he is concerned infections could surge again on Monday, when workers return to the office and turn on computers.
The U.S. government on Saturday issued a technical alert with advice on how to protect against the attacks, asking victims to report attacks to the Federal Bureau of Investigation or Department of Homeland Security.