A digital worm powered by stolen National Security Agency software caused $1 billion in damages when it infected hundreds of thousands of computers in less than a week, a Florida digital security company says. And new attacks may be in the offing.
Hackers unleashed the worm, dubbed WannaCry, on May 12. Some 200,000 to 300,000 computers were affected in at least 150 countries.
“The estimated damage caused by WannaCry in just the initial four days would exceed $1 billion, looking at the massive downtime caused for large organizations worldwide,” Stu Sjouwerman, chief executive at KnowBe4, a Clearwater, Florida, firm that helps firms avoid phishing efforts, wrote in a statement.
The damage estimates include loss of data, lost productivity, disruptions to business, forensic investigation, reputational harm and other factors, the company said.
The digital contagion encrypted the hard drives of computers. Hackers then demanded payment in the digital currency bitcoin to unfreeze the hard drives. The hackers provided three bitcoin wallets, or repositories, for payment of a minimum of $300.
“The release of attribution evidence is premature, inconclusive and distracting,” James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a Washington research center, said in a blog posting. Scott argued that Lazarus has never been proved to be a North Korean state entity and is more sophisticated than the WannaCry perpetrators.
A rogue faction of Lazarus could be involved, Scott said, although the malware “appears to have been developed with Chinese keyboard settings and used an automatic English translation for ransom demands.”