The attack uses ransom-ware to extort money from victims. First, their computers are locked. Then they are given a ransom demand. If they don’t pay, the files will be deleted.
At The Wall Street Journal, Nick Kostov, Jenny Gross and Stu Woo report that progress is being made in fighting the attack, but that it’s not over yet.
The virus was slowed down over the weekend by the identification and activation of a “kill switch” embedded in the virus’ code, computer experts said. But few believe it was halted completely, and one security expert had identified late Sunday at least one new strain, unaffected by the kill switch, though it was spreading slowly.
While the U.S. appears relatively unscathed compared with Europe and Asia, the Federal Bureau of Investigation, the National Security Agency and the Department of Homeland Security all were on the case. Tom Bossert, President Donald Trump’s homeland security and counterterrorism adviser, held emergency meetings with cabinet members Friday night and Saturday morning at the White House, an administration official said Sunday.
Government agencies have started a global manhunt for the perpetrator—a complex international probe that requires the same sort of cooperation and intelligence sharing common in large terrorist attacks.
Security experts have been able to track a small amount of bitcoin transactions they said were likely ransom linked to the attack. It was impossible to say how many companies were paying, or whom they were paying. Unlike bank and other financial accounts, bitcoin accounts are theoretically untraceable to their owners.
The attack took advantage of security vulnerabilities in Microsoft Corp. MSFT -0.12%software that was either too old to be supported by security patches or hadn’t been patched by users. Microsoft on Sunday said that the software tool used in the attack came from code stolen from the National Security Agency. The NSA has declined to comment on the matter.
Read more here.