Europol warned Wednesday that there’s not yet a “kill switch” that’s able to stop the cyberattack that has slammed businesses around the world.
The ransomware virus spread quickly beginning on Tuesday, shutting down entire computer networks and demanding users pay a ransom to get their files back.
“This is another serious ransomware attack with global impact, although the number of victims is not yet known,” said Europol executive director Rob Wainwright. “It is a demonstration of how cybercrime evolves at scale.”
A kill switch is a feature that would automatically stop the spread of the ransomware. During the WannaCry outbreak, a researcher accidentally stopped the spread of the worm when he created a kill switch by registering a domain contained in the malware.
One researcher created a temporary vaccine to stop the spread of ransomware on Tuesday. Cybereason’s Amit Serper said creating a file that tricks the malware into thinking it’s already infected the computer would be a temporary solution. The company also updated its security technology to automatically detect and prevent the ransomware.
The Moscow-based cybersecurity firm Group IB estimated that about 100 companies and organizations have been hit by the virus. The victims are spread around the globe and across different industries, including banking, transportation, energy and even candy.
They include big global brands like snack maker Mondelez, British advertising giant WPP and the real estate division of French bank BNP Paribas. Ukrainian companies and government agencies seem to have been hit particularly hard by the virus.
On Wednesday, FedEx said operations at its TNT Express subsidiary were disrupted due to an information system virus and that the financial impact “could be material.”
The ransomware infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
The email account associated with the ransomware has been blocked, so even if victims pay, they won’t get their files back.
Law enforcement and cybersecurity experts agree that victims should never pay ransoms for such attacks.
“Do not pay,” warned Europol on Wednesday. “You will not only be financing criminals, but it is unlikely that you will regain access to your files.”
Researchers said the ransomware virus is a worm that infects networks by moving from computer to computer.
It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft released a patch for the flaw in March, but not all companies have used it.
EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.
Europol offered advice on how to protect computers that have not yet been infected:
Keep all apps and operating systems up-to-date on your electronic devices
Back-up your files and data
Do not click on attachments or links that come in suspicious or unexpected emails
Selena Larson contributed to this report.