Last week's WannaCry ransomware epidemic has been halted, but hundreds of thousands of computers are still disabled as users and businesses struggle to regain control of their systems and resume normal life. Worse yet, copycat malware has begun to appear.
WannaCry was a type of malware called ransomware. The infection targeted Windows computers, affecting systems that had delayed the installation of critical security patches that Microsoft began distributing in March.
The ransomware struck users in 150 countries, experts say, encrypting the contents of users' hard drives and denying access to infected computers until victims paid $300 in Bitcoin funds for the encryption key.
Large businesses and other organizations were especially hard-hit. Large networks of PCs under corporate control sometimes do not receive timely installation of security patches. Corporate IT departments postpone applying even critical patches until the new code has been proved to be compatible with mission-critical internally written software. That's why the effects of WannaCry were felt primarily by businesses and governments.
In the UK, the ransomware crippled the National Health Service's hospitals, clinics, and doctors' offices. Many locations could not schedule appointments or access patient records.
A security researcher discovered a method of halting the spread of the ransomware, but his "cure" did nothing to assist users and businesses who had lost access to locked-up systems.
Security experts say the ransomware hit factories, banks, government agencies, transport systems, and other large organizations as if it had been targeting them directly. The only way to prevent infection by future variants of the malware is to apply Windows patches promptly, experts say.
New variants of the WannaCry malware have begun appearing, all apparently derived from the same foundation source code, which experts believe was leaked from the U.S. National Security Agency.
One of the variants released to date does not include the "kill switch" code that allowed researchers to halt the spread of the original WannaCry malware. Ryan Kalember, senior vice-president at cyber-security vendor Proofpoint, said it was lucky that the no-kill-switch variant had a software bug that prevented it from locking down users' computers. He said that unpatched computers are inherently unsafe. "We haven't fully dodged this bullet at all until we're patched against the vulnerability itself," he said.