The global ransomware attack known as WannaCry has so far claimed 12 victims in Australia, the government said this morning.
The number of local victims is steadily rising. On Monday night the government said the ransomware -- also known as Wana Decryptor, WannaCrypt and Wana -- had affected eight Australian businesses, an increase from the 'at least three' figure the government had claimed that morning.
Further victims were expected, the Prime Minister's cybersecurity adviser Alastair MacGibbon told ABC radio last night.
"We will see more victims here and that's very sad always," MacGibbon said.
"It's always bad for any businesses to be a victim of crime, but as a whole of nation we can be confident so far that we have missed the worst of this," he added.
The government is targeting its mitigation messaging at small businesses, which it believes are most at risk from the ransomware.
“Small business owners should be pro-active about their cyber security in the wake of this ransomware campaign affecting computers around the world,” Minister Assisting the Prime Minister for Cyber Security Dan Tehan said in an after-hours statement.
The ransomware attack first spread through a massive email phishing campaign, with the first reports of infected systems appearing on Friday last week. At least some of those emails appeared to be messages from a bank about a money transfer. Victims who opened the attachment in the email were served with the ransomware, which takes over the computer.
WannaCry exploits a Windows vulnerability patched in March by Microsoft. Microsoft over the weekend also released patches targeting out-of-support versions of Windows including Windows XP, Windows Server 2003 and Windows 8.
The exploit was among those employed by tools, believed to have been used by the US National Security Agency, that were released in a Shadow Brokers dump last month. The exploit, codenamed EternalBlue, exploits an SMB vulnerability.
Among the largest organisations to have been hit so far are the UK’s National Health Service and Spanish telco Telefónica.
In England, some hospitals were forced to cancel procedures and appointments, as ambulances were directed to neighbouring hospitals that had avoided the attack, according to BBC reports.
"We've seen no impact in the health system which is important, we've had no reports of any government agencies impacted by this," MacGibbon confirmed last night.
Tehan said that Australia’s critical infrastructure had also avoided infection.
The Australian Cyber Security Centre (ACSC) has been issuing advice on WannaCry since Saturday, and yesterday said the spread had slowed "temporarily".
"While the spread of the Ransomware appears to have temporarily slowed, it is still critical that businesses and individuals patch the operating systems on their computers," the centre said in a statement on its website yesterday.
Businesses that were infected were urged to call the ACSC on 1300 CYBER1 for assistance or visit www.ascs.gov.au.
“While Microsoft’s release of back-ported patches is a commendable proactive action, the ACSC considers organisations running Windows XP, Server 2003 and other unsupported operating systems to be exposed to extreme risk,” the organisation said in a statement.