Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Cyber attack: Fears of surge in ransomware infections as people return to work on Monday

'I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning'

Ian Johnston
Sunday 14 May 2017 14:06 BST
Comments
Cyber attack hit 200,000 victims across 150 countries, says Europol chief

Fears are growing that Monday could see a surge in the number of computers taken over by the devastating WannaCry ransomware hack.

As people return to work and connect laptops to their office system, this could potentially spark a new wave of infections.

About 200,000 victims in 150 countries or more have so far been affected, although this number was reduced after a 22-year-old British security analyst accidentally triggered a hidden ‘kill switch’.

But the analyst, known as MalwareTech on Twitter, warned the hackers could easily reconfigure the software to get around this and urged people to instal a patch issued by Microsoft.

Some 48 out of 248 NHS trusts in the UK were affected although this was reduced to just six trusts within 24 hours of the start of the attack.

Marin Ivezic, a Hong Kong-based cybersecurity partner at financial giant PwC, told Reuters that some clients had been "working around the clock since the story broke" to restore their computer systems.

Some clients were abandoning their usual cautious testing of patches "to do unscheduled downtime and urgent patching, which is causing some inconvenience”, he added.

And Rob Wainwright, head of the European Union police agency, Europol, warned anyone who thought the problem was going away was mistaken.

"At the moment, we are in the face of an escalating threat. The numbers are going up, I am worried about how the numbers will continue to grow when people go to work and turn (on) their machines on Monday morning,” he said.

Christian Karam, a Singapore-based security researcher, underlined this point.

"Expect to hear a lot more about this tomorrow [Monday] morning when users are back in their offices and might fall for phishing emails" or other scams, he said.

One analyst suggested he had already seen WannaCry ransomware 'worms' without the kill switch in circulation, but he later backtracked saying this was not actually the case, adding "my bad".

However the hackers are widely expected to try again.

Darien Huss, a research engineer who assisted the anonymous 22-year-old British researcher who has been lauded a hero, said he was "still worried for what's to come in the next few days, because it really would not be so difficult for the actors behind this to re-release their code without a kill switch or with a better kill switch".

"Or we could potentially see copycats mimic the delivery or exploit method they used," he said.

There are concerns that patient safety may have been compromised by doctors and other medical staff being unable to access medical files.

Dr Mark Porter, who chairs the British Medical Association’s council, said: “This cyber-attack on NHS information systems is extremely worrying for patients and the doctors treating them.

“There have been reports of hospital doctors and GPs unable to access patients’ medical records, appointment booking systems and in some cases having to resort to pen and paper.

“NHS staff are working extremely hard to provide the best possible patient care, and we hope NHS Digital are able to resolve these problems as soon as possible.”

He also questioned whether the Government had spent enough on security systems to protect the NHS.

“We need to quickly establish what went wrong to prevent this happening again and questions must also asked about whether inadequate investment in NHS information systems has left it vulnerable to such an attack.”

The Associated Press contributed to this report

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in