At least 75,000 computers in 100 countries were held ransom by a worldwide malicious software attack that struck more than a dozen English hospitals plus major companies, including FedEx and Telefonica, Spain’s largest telecom, throughout the day on Friday.
Antivirus provider Avast reported that at least 75,000 computers had been infected by the crippling malware called the “WanaCrypt0r 2.0” ransomware.
Ransomware is a particularly frightful variety of malware that blocks access to a computer or its data while demanding money to reverse its effect.
“We have observed a massive peak in WanaCrypt0r 2.0 (aka WCry) ransomware attacks today, with more than 57,000 detections, so far,” said a statement from Avast.
According to Avast, the ransomware is mainly being targeted to the UK, Russia, Ukraine, India, Taiwan, Italy, and Egypt, but it has also infected hospitals across England.
The ransomware apparently used a vulnerability exploit developed by the National Security Agency to infect Windows PCs and encrypt their contents, before demanding payment for the key to decrypt crucial files. Infected computers display a message demanding a ransom of $300 worth of bitcoins.
The vulnerability was initially revealed to the public as part of a stash of NSA documents stolen from the United States government during extensive cyberattacks on Friday.
Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.
Hospitals in Britain appeared to be the most severely affected by the attacks, which blocked doctors’ access to patient files and forced emergency rooms to divert people seeking urgent care.
Security researchers with Kaspersky Lab said, “Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.”
They added: “Unfortunately, it appears that many organizations have not yet installed the patch.”
The global ransomware attack came a day after President Donald Trump signed an executive order aimed at tightening U.S. cybersecurity.
The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self spreading malware, researchers with several private cyber security firms said.
Connect with NJTODAY.NET
Join NJTODAY.NET's free Email List to receive occasional updates delivered right to your email address!