Security experts struggle in search for WannaCry clues

"There are plenty of reasons people wait to patch and none of them are good", said Mador, a former long-time security researcher for Microsoft.

WannaCry is a ransomware virus that holds computers hostage until the user meets the demands.

Windows 10 users are unaffected by the attack, and numerous operating systems affected are no longer supported.

"We haven't fully dodged this bullet at all until we're patched against the vulnerability itself", Kalember said.

Universities and other educational institutions in China were among the hardest hit, possibly because schools tend to have old computers and be slow to update operating systems and security, said Fang Xingdong, founder of ChinaLabs, an internet strategy think tank.

Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it.

Those hit by WannaCry also failed to heed warnings a year ago from Microsoft to disable a file sharing feature in Windows known as SMB, which a covert hacker group calling itself Shadow Brokers had claimed was used by NSA intelligence operatives to sneak into Windows PCs.

Intelligence and law enforcement officials said they feared WannaCry might foreshadow a wave of damaging attacks, as criminals and others race to make use of digital weapons that for years were available only to the most technologically sophisticated nation-states. Also, Russian computer users commonly use unlicensed (pirated) or outdated version of Windows OS, and thus are not privy to security updates.

On Monday, a Microsoft spokesman declined to comment beyond Smith's post.

On Sunday, the US software giant called on intelligence services to strike a better balance between their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - and sharing those flaws with technology companies to better secure the internet.

Reuters also reports that half of all internet addresses corrupted globally by WannaCry are located in China and Russian Federation, with 30 and 20 percent respectively. Infection levels spiked again in both countries this week and remained high through Thursday, according to data supplied to Reuters by threat intelligence firm Kryptos Logic.

Calling the attacks "painful", Phillip Misner, Principal Security Group Manager Microsoft Security Response Center, said Microsoft was worked throughout the day to protect their customers.

The ransomware mixes copycat software loaded with amateur coding mistakes and recently leaked spy tools widely believed to have been stolen from the U.S. National Security Agency, creating a vastly potent class of crimeware. "That's liability to individuals, consumers and patients".

An unknown number of computers sit behind the 300,000 infected internet connections identified by Kryptos. WannaCry is by far most severe malware attack in history and could continue to spread to untold numbers. The company is crunching data to arrive at a firmer estimate it aims to release later Thursday.

After the Wannacry attack, the central bank reissued its recommendations to Russian banks, it said, adding it would start to publish on its website statements about cyber attacks it had caught as well as steps taken to reinforce IT security. A researcher from Google posted on Twitter that an early version of WannaCrypt from February shared some of the same programming code as malicious software used by the Lazarus Group, the alleged North Korean government hackers behind the destructive attack on Sony Corporation in 2014 and the theft of $81 million from a Bangladesh central bank account at the New York Fed past year. But in this case, according to Kaspersky Lab, the shared code was removed from the versions of WannaCrypt that are now circulating, which reduces the likelihood of such a "false flag" attempt at misdirection. This is largely because at the helm of the attack is the country's aging computing infrastructure and a sloppy approach to cybersecurity.

WannaCry landed nine weeks after Microsoft's patch arrived.

"People have extremely short memories when it comes to this", said Jan Dawson, an analyst with Jackdaw Research.

Latest News