Ransomware leaked by hackers and stolen originally from NSA documents has been infecting computers worldwide Friday, with some of the first reports coming from hospitals and offices in England. The Washington Post reports that the ransomware, which cripples computers and threatens to delete data unless a ransom is paid to the hacker, exploits a flaw in Microsoft system software, and though the company has issued a patch, that has not stopped the spread of the malware across the internet. As one cybersecurity expert puts it to the New York Times, "When people ask what keeps you up at night, it’s this."
In this case, the scope of the attacks is vast, but the ransoms demanded are relatively small, starting around $300. The sum goes up the longer you wait to pay.
According to the Times, the attack has affected at least 36 hospitals in England, and other attacks have been reported in 74 countries so far, per Consumerist, including the US, Russia, Spain, India, Japan, Taiwan, the Philippines, Turkey, and Vietnam. The hackers appear to have targeted large computer networks that had yet to be updated and were therefore vulnerable, and among the large companies affected were major telecommunication companies like Spain’s Telefónica and Russia’s MegaFon. Interestingly, targets in Russia appear to be the hardest hit so far, according to SecureList.
Britain’s National Health Service issued a statement identifying the ransomware as a variant of something called Wanna Decryptor, saying that their cybersecurity team was working quickly to "ensure patient safety is protected."
The attacks were first reported by one security firm at 1 p.m. Eastern Time.
So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.— Costin Raiu (@craiu) May 12, 2017
Gizmodo and Malwarebytes have example screenshots of what the ransomware screens looks like:
TechCrunch reports that the ransomware, which was one of a number of hacking tools that was discovered and developed by the NSA, was leaked by a hacking group called Shadow Brokers last month, but the Microsoft flaw it exploits had been preemptively fixed in a patch that was released in March.
Reportedly there have already been some 57,000 computers affected worldwide so far, and TechCrunch also notes that money has been steadily flowing into the hackers' bitcoin wallet in small sums of $250 to $500, indicating that many are opting to pay the ransom.
BoingBoing notes that this attack has echoes of another ransomware attack that targeted several hospitals in the US in February and March 2016. In those attacks, the hackers initially demanded large sums and then backed down to accepting smaller sums as they realized that using hospitals as targets to lead to a more aggressive criminal investigation effort.