Spoiled Milk
Banned
UPDATE: Kaspersky reporting at least 74 countries affected.
Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Most of the attacks have targeted Russia.
The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. Researchers say it is spreading through a Microsoft (MSFT, Tech30) Windows exploit called "EternalBlue," which Microsoft released a patch for in March. A hacking group leaked the exploit in a trove of other NSA spy tools last month.
"Effected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.
Spanish authorities confirmed the ransomware is spreading through the EternalBlue vulnerability and advised people to patch.
"It is going to spread far and wide within the internal systems of organizations -- this is turning into the biggest cybersecurity incident I've ever seen," UK-based security architect Kevin Beaumont said.
Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is "the most significant factor" in the global outbreak.
Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections. Although it won't do any good for machines that have already been hit.
He said it's likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.
"It has a 'hunter' module, which seeks out PCs on internal networks," Beaumont said. "So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies."