As of the time I write this, there are reports from 99 countries, INCLUDING the Russian Ministry of the Interior, of ransomware attacks. It may have appeared first in the UK with an attack on the National Health Service, the second such attack in recent months. The attack may have struck Spain’s telecommunications company Telefonica first, or simultaneously.
The NHS hack has disrupted patient care.
More Than 70,000 Sites Attacked
By Friday 9:12 GMT the attack was literally worldwide and apparently still spreading. The Avast cyber security firm reported 75,000 individual attacks by this time.
Microsoft had previously released fixes for the vulnerabilities exploited in this attack and earlier disclosed by the TheShadowBrokers group.
Kaspersky Labs, which is reportedly under investigation by the FBI, has offered to assist any agency or company which has been involved in today’s ransomware attack.
The particular ransomware is called WannaCrpt0r 2.0 according to Avast and exploits a Windows vulnerability which Microsoft patched in March.
The ransomware locks a computer and requests $300 (US) paid in bitcoins to unlock the infected system.
The ransom message comes in several forms but most appear, to begin with, these words, “OOOPS, your important files are encrypted,” and goes on to ask for the money to unlock your files.
NSA Toolkit Utilized in Attack
The tools used to create the attack apparently come from a trove of hacked National Security Agency tools which were released on the Web several months ago – that is what triggered Microsoft to create and push a patch. Computers with automatic updates, which should include nearly all Windows 10 systems, are not vulnerable to the virus which can even spread via wifi networks at coffee shops or other locations with free wifi.
Kaspersky Labs has released data claiming that even patched systems may be vulnerable but there is no confirmation of that as yet.