WASHINGTON, D.C. — Homeland Security Advisor Tom Bossert addressed the massive ransomware attack known as “WannaCry” or “WannaCrypt” on Monday at the White House, urging businesses and individuals to use security patches to protect themselves from the unknown responsible party.
Bossert told reporters that they are monitoring the situation “around the clock at the highest levels of government.” He added that the U.S. is working side by side with private sector and international partners.
Bossert said that he had spoken with officials in Great Britain and that they “have a feeling of control over this ransomware event and that as their effective computers seem to have been tied to this fact that their healthcare system is so large a network.”
The attack has reached 150 countries and affected more than 300,000 machines as of Monday morning, according to Bossert. It has disrupted telecommunications, hospitals, and thirty-eight of the U.K.’s national healthcare service, according to the official, resulting in inaccessible computers and telephone service. However, he said there was “extremely minimal” effect on patient care, according to his communication with U.K. officials.
Secretary Kelly continued to lead public-private coordination operations and his team is issuing twice daily situation reports, holding multiple calls per day among experts in operation centers managing the response.
Bossert stated that the U.S. infection rate has been lower than in other parts of the world, but could see additional incidents as malware attacks morph. He added that as of yet no federal systems had been affected.
Less than $70,000 in ransom had been paid as of Monday morning and Bossert said they were not aware of any data recovery.
Three variants of the ransomware using similar techniques have been recorded thus far. Bossert directed businesses and individuals to follow DHS, FBI, and Microsoft mitigation advice to patch systems. Those that do so are fully protected from the current attack. He added not to use unlicensed software to apply these patches.
He said that they are working quite seriously on holding those responsible accountable for the attacks, but that “the worm is in the wild so to speak at this point and patching is the most important message as a result.”
“Business and government have responded with patches and upgrades,” according to Bossert, who urged all to apply the latest security patches.
Bossert went on to say:
This was a vulnerability employed as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government. This was not a tool developed by the NSA to hold ransom data.
He said that the tool was developed by criminals in foreign nation states put together using phishing emails and embedded documents.
Later asked who executed that attacks, Bossert said, “We don’t know.” He added that they hope to bring those responsible to justice, but that “attribution can be difficult” and they are still working on that.
Asked about the difference in effect in the United States and the U.K. and Europe, Bossert said, “No comparative lack of control, but my conversation today led me to believe that they felt quite comfortable, and my counterparts felt quite comfortable with where they stood today.”
He said they are gaining more information and getting their handle on the parameters of the malware.
Follow Michelle Moons on Twitter @MichelleDiana