By Matt Hamblen
May 16, 2017
A variant of the WannaCry ransomware that emerged Monday has been able to infect some of the computers patched after the original malware struck last week, according to a top cyber official at the Department of Homeland Security (DHS).
"We're working on how to address that [variant] and sharing as we can," said the official, who asked not to be named. The official did not say how many computers have been affected by the variant, other than to say "some." The original WannaCry attack hit more than 200,000 computers starting Friday in more than 150 countries, UK officials said over the weekend.
DHS worked with FBI and other law enforcement officials through the weekend to identify victims of the attack and to help them recover systems without paying a ransom, primarily by installing Windows patches.
"We're ideal from a U.S. perspective," the DHS official said at midday Monday. "In the U.S., we're in a decent place. We don't have many victims and the ones we do have are not experiencing significant operational impacts.... We're very much focused on getting people to patch if they haven't."
DHS did not name any U.S. organizations affected by WannaCry or its variants, which go by similar names like WannaCryp and WannaCrypt. However, FedEx did acknowledge on Friday that some of its Windows-based systems were hit.
DHS is not focused on identifying the perpetrators, leaving that to the FBI, which wouldn't comment. The attackers used tools first built by the U.S. National Security Agency to counter terrorists, but the tools were stolen by a group called Shadow Brokers that could have ties to the Russian government or could be working separately as a criminal gang. Each computer hit by WannaCry was frozen with a warning to pay $300 in bitcoin to free up the data.
Analysts and cyber officials said the U.S. fared better than other countries because of an active campaign by DHS and others to warn U.S. organizations about ransomware over the last 18 months. That effort arose after ransomware hit several U.S. hospitals.
"We are probably better off than a lot of countries," the DHS official said. "We're so aggressively training about awareness..., which could have had some effect. We've published guidance like the need for basic backup systems. We were pretty aggressively pushing that Microsoft patch in March."
DHS said its guidance for how to avoid ransomware attacks remains the same. "It's fairly basic: Don't click on links and download from people you don't know; update systems and back them up," the official said. "Ransomware was not well understood, but as attacks have become more sophisticated, people have understood over the last year."