Ransomware Attacks Begin To Stabilize After Compromising Networks Worldwide
ARI SHAPIRO, HOST:
The massive cyber-attack known as WannaCry keeps spreading. It has now hit more than 300,000 computers in 150 countries. Those are the latest numbers from the White House. The ransomware locks down computers, and then hackers demand payment from victims to restore their files. And we're learning that while the numbers are growing, the actual threat from this attack may be receding.
To help sort this out, we're joined by NPR's Aarti Shahani. Hi, Aarti.
AARTI SHAHANI, BYLINE: Hi.
SHAPIRO: This attack blew away cyber security experts because of how quickly it spread. Is it still infecting at the rate that we saw on Friday?
SHAHANI: No, it's not. According to government officials and security experts, the onslaught is letting up. These ransomware attacks, the so-called WannaCry attack, is stabilizing worldwide. A DHS official says the list of victims here in the U.S. is very small. Outside the U.S., experts who are working directly with victims say that the attack has been especially viral, hard to contain in two countries, China and Russia. And that is for a very interesting reason. It's because computers in those countries are using a lot of pirated versions of Windows, not legit versions from Microsoft. And since the way you prevent this attack is by updating, patching your Windows operating system, well, you know, that's hard to do when you've got a stolen copy.
SHAPIRO: Yeah. What about the extent of the damage? How much of a problem did this become for companies and organizations that were affected by the attack?
SHAHANI: You know, that's a key question, and here's what I've been able to gather about the actual damage, OK? I talked with a spokesperson at Renault, the French automaker, and they say that only a handful of their computers in France, Romania and Slovenia were actually hit and that no significant data was lost, and they did not pay any ransom.
Now, that said, Renault did decide to do a wide-scale shutdown, and that's because they needed time to go through their systems and make sure that every single computer was patched. That's something they hadn't done before. So their manufacturing plants that usually work over the weekend came to a standstill. One is still closed until tomorrow morning. And so in that way, they lost money through operating costs.
SHAPIRO: Do we know of companies that lost money by paying ransoms?
SHAHANI: Well, according to a firm called Chainalysis - that's a company that works against money laundering and tracks online payments - there were about 210 payments made to three addresses that were hardcoded into the malware. The payments were made in bitcoin. That's a digital currency that many hackers like to use, and the payments amounted to 32.5 bitcoin which at the time of payment translates to about $56,000. That is not much money, OK? The Chainalysis researcher says he's seen more money made just by sending empty threats to financial institutions. And it could be it's not that much money because word on the street is that for those people who bothered to pay the hackers, the hackers didn't make do on their promise and didn't give files back.
SHAPIRO: Oh, wow. Well, any more information about who these hackers might be?
SHAHANI: Well, Homeland Security says that they don't know who the hackers are. And according to an expert at the company FireEye - that's a security firm with a huge global clientele - the hackers are not the creme de la creme, not the most sophisticated. And the reason he says that is because the malicious code they used had some significant weaknesses, so it was relatively easy to sabotage from the outside. But still, you know, that's an educated guess, and we don't have specific names for right now.
SHAPIRO: That's NPR's Aarti Shahani on the latest on this malware attack around the world. Thank you, Aarti.
SHAHANI: Thank you.
Transcript provided by NPR, Copyright NPR.