Ransomware may be mostly thought of as a (sometimes costly) nuisance, but when it hinders the ability of doctors and nurses to provide aid to those in need of emergency medical care, then it qualifies as armed robbery.
UK-based security architect Kevin Beaumont said:
"It is going to spread far and wide within the internal systems of organizations -- this is turning into the biggest cybersecurity incident I've ever seen."
Cybersecurity firm Avast said it tracked more than 75,000 ransomware attacks in 99 countries on Friday.
This quickly spreading, nasty piece of malware crossed mountains and oceans to infect more than 70,000 machines around the world in a matter of hours.
Avast also said the majority of the attacks targeted Russia, Ukraine and Taiwan. But hospitals in the U.K. and global firms like FedEx (FDX) also reported they had come under assault.
How did it happen?
Unknown attackers deployed a virus targeting Microsoft servers running the file-sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch closed the hole used by an exploit known as EternalBlue, once a closely guarded secret of the National Security Agency, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer.
The ransomware, suitably named WannaCry, did not spread through people clicking on bad links. The only way to prevent this attack was to have already installed the update.
Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab, said:
"Affected machines have six hours to pay up and every few hours the ransom goes up. Most folks that have paid up appear to have paid the initial $300 in the first few hours."
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica (TEF) was also hit with the ransomware. The infected systems rendered files encrypted and inaccessible and a warning flashed across the screens. “You only have 3 days to submit the payment. After that the price will be doubled,” it reads. “Also if you don’t pay in 7 days, you won’t be able to recover your files forever.”
People are especially furious because hospitals were attacked
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, your first step is to address that issue immediately.