The attack, known as “WannaCry,” encrypts Windows users’ computer files before demanding a $300 payment in Bitcoin. Although Microsoft issued a patch for the vulnerability in March, thousands of users have either failed to apply the update or are running outdated operating systems.
The ransomware is spreading at an alarming rate given its use of “EternalBlue,” a powerful NSA SMB exploit recently leaked online by the mysterious Shadow Brokers hacking group.
The attack has been reported thus far in 74 countries including the US, UK, China, Russia and Spain.A ransomware spreading in the lab at the university pic.twitter.com/8dROVXXkQv— ＲｅａｄＮｉｅｒＡｕｔｏｍａｔａ (@dodicin) May 12, 2017
Screenshots of infected machines everywhere from universities to the Russian Interior Ministry were shared widely online Friday.Fresh IDR based heatmap for WanaCrypt0r 2.0 ransomware (WCry/WannaCry).— MalwareHunterTeam (@malwrhunterteam) May 12, 2017
Also follow @MalwareTechBlog‘s tracker: https://t.co/mjFwsT3JzH pic.twitter.com/SPeZfBpckm
Other victims include as many as 16 NHS hospitals in the UK – many of which are still using Windows XP – as well as FedEx and multiple telecommunications companies across Europe.Looks like this ransomware campaign reached the Russian Interior Ministry https://t.co/UVhBIDgQNN (hat tip to tipster) pic.twitter.com/MAxoWrnSL2— Joseph Cox (@josephfcox) May 12, 2017
Cybersecurity experts examining the hacker(s) Bitcoin wallets say they have already been paid “6 figures.”Here’s what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS— Rory Cellan-Jones (@ruskin147) May 12, 2017
WannaCry SMB worm BitCoin wallets just crossed over to 6 figures (!) in BitCoins (converted to $)— Kevin Beaumont (@GossiTheDog) May 12, 2017
Windows users are being urged to either upgrade their operating systems or to apply security patches immediately.Wallet 1: https://t.co/bF0VbAJvwvWallet 2: https://t.co/JxkjaI5bpj#nhscyberattack
— Shad (@_sh4d) May 12, 2017
IF YOU HAVE NOT APPLIED THESE SECURITY PATCHES FROM MICROSOFT https://t.co/tTotbKuZlh. DO SO NOW OR GET OFF THE INTERNET PLEASE.— Lauri Love (@laurilove) May 12, 2017
Then even if you fall behind, a patch doesn’t get applied, antivirus doesn’t work – it makes it very difficult to spread.— Kevin Beaumont (@GossiTheDog) May 12, 2017
Cybersecurity companies are also attempting to create a decryption tool that would allow users to retrieve their files without being forced to pay the ransom.How not to be hit by WCry 2.0: Apply MS17-010 immediately, remove NT4, 2000, XP-2003 from production, Firewall ports 445/139 & 3389. Simple.— Hacker Fantastic (@hackerfantastic) May 12, 2017