A British researcher unexpectedly found and activated a “kill switch” to an “unprecedented” ransomware cyberattack that hit hundreds of thousands of computers around the globe including at hospitals, transportation systems, government offices and large companies like FedEx in the U.S.
But even with the spread of the malware temporarily halted, researchers warn that another attack could be imminent and that the next one could target the U.S.
“Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice,” Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday.
Suiche said the cyberattackers could soon release a new update to the malware, making it more robust and resuming the global infection.
“I’d even say this update probably already happened,” he added.
FedEx was among the many companies and government agencies worldwide hit by the sophisticated cyberattack that used leaked tools of the U.S. National Security Agency.
A FedEx spokesperson confirmed to ABC News that the international shipper is among the victims of the global cyberattack.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.”
Ryan Kalember, a senior vice president at the cybersecurity firm Proofpoint, told ABC News he is aware of other U.S.-based companies who were affected but have not spoken publicly. He said the virus spread rapidly, making it difficult to identify “patient zero” and attribute the cyberattack to a particular hacker group.
The unidentified people behind the attack targeted networks in North America, Europe and Asia, seizing control of computers in dozens of countries by infecting them with malicious software and restricting access until a ransom is paid. Cybersecurity firm Avast said it has detected more than 75,000 so-called ransomware attacks in 99 countries.
“According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica,” Avast said in a statement.
A British cybersecurity researcher who cut short his vacation to look into the spreading ransomware attack on Friday happened in his work on it to come across a “kill switch” in the malware code that stopped its spread at least temporarily.
The researcher, who tweets and blogs under the name “Malware Tech,” recounted the experience in a blog post, “How to accidentally stop a…