Norway’s national security agency (Nasjonal Sikkerhetsmyndighet, NSM) was warning all Norwegian companies and Norwegians themselves through the weekend to make sure their computers are fully updated and backed up. They were worried a virus unleashed on an estimated 150 countries on Friday could flare up again on Monday, but by midday NSM officials believed it was under control.
“We’re still seeing a considerable spread of the virus internationally, and some countries are hit hard in critical functions,” Hans Christian Pretorius, leader of cyber security at NSM, told newssite VG.no just after noon on Monday. “But in Norway things are looking good. We don’t think this version of the virus will hit Norway hard. At the same time, we have to roll up our sleeves and be prepared for any new waves of it.”
Pretorius and his colleagues, along with those responsible for data security at public and private firms all over the country, were worried and working hard during the weekend, though. On Saturday Pretorius had told Norwegian Broadcasting (NRK) that attacks had increased during the course of Friday night, adding that “this is the biggest attack we’ve seen on a global basis.”
NSM officials who monitor data traffic for hundreds of Norwegian companies and critical public sector infrastructure had already said that Norway seemed to escape the worst of the attack that crippled, for example, health care authorities in the UK on Friday. By Saturday afternoon just three Norwegian companies, all of them privately owned, had reported attacks to NSM, including the Choice hotel chain. Several Norwegian top-league football clubs were hit as well.
Norway’s police intelligence unit PST (Politiets sikkerhetstjeneste) had reported earlier last week that it may have been hit by hackers after its website went down on Wednesday. “It was probably a DDoS (Distributed Denial of Service) attack,” PST told TV2, but that was before the worldwide attack hit on Friday.
It later emerged that Friday’s attack was not spread through email, as initially thought, but rather through a hole in the so-called “firewalls” tied mostly to Microsoft systems. NSM officials spent the weekend going through all firewalls at government ministries, public agencies and the owners of critical infrastructure. They found that out of 250,000, only two were using the Microsoft Windows version that’s believed to be the gateway for the virus.
“We’re close to reaching the conclusion that this (virus) won’t affect Norway to any large degree,” Pretorius told VG.
He told NRK on Monday, however, that it was important for all Microsoft users to update their programs to prevent their machines from being infected. The virus on Friday is believed to have affected at least 200,o00 computers in around 150 countries, with Russia and Taiwan especially hard-hit. Those behind the attack are believed to be extortionists who literally hold a computer hostage until its owner pays a ransom.
By midday, no attacks had been reported. NRK reported that Norway’s Sparebank1 chain of banks around the country was having trouble with its online service, but a bank spokeswoman told business news service E24 that there were “absolutely no indications” it was tied to any virus or hacker attacks.