Security experts say that a cyberattack that first hit British hospitals, holding their computer networks hostage, has now spread beyond the U.K., targeting other healthcare facilities, shipping companies, and utilities, in a rapidly growing number of countries.
The day began — here on the U.S. East Coast, anyway — with news that more than a dozen hospitals in England were simultaneously struck by a ransomware attack. But it didn’t stop there: A few hours later, news came down that the largest phone and utility companies in Spain were also being hit. And then news just kept coming.
An analyst from security firm Kaspersky tweeted around 1 p.m. Eastern time that his company had already recorded more than 45,000 attacks in 74 countries — and that the number was still climbing. An hour later, analysts at Avast said they’d detected more than 57,000 instances.
Kaspersky’s early analysis indicates that targets in Russia were hardest hit, with Ukraine, India, Taiwan, and Tajikistan rounding out the top five. Several European nations — and, yes, the U.S. — were also hit.
It’s pretty much your classic ransomware: A message takes over the screen, informing users that all their files have been encrypted and will only be unencrypted if a certain sum is paid in Bitcoin to an anonymous address within a certain period of time.
The sooner you pay up, the less it costs — unlocking apparently starts at $300, with this one — but the longer you wait, the more the data-nappers will charge you… until at last, your window closes and your data is wiped.
As Wired explains, this particular ransomware strain is called WannaCry (sometimes WanaCrypt0r and WCry), and it’s a new variant on a nasty bit of code that first surfaced in March.
To get in, WannaCry takes advantage of a known vulnerability in Windows by way of EternalBlue, an exploit that allegedly came from the NSA and was made public in a data dump from a hack a few weeks back.
Once the malware is in a computer, it then spreads like your classic virus to other computers sharing the same network.
An analyst from Malwarebytes told Wired, “This spread is immense. I’ve never seen anything before like this. This is nuts.”
The size, scope, and range of companies hit in this attack are extraordinary. As far as American companies go, the first one to confirm it’s been hit is FedEx, which said in a statement, “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”
Microsoft has already released a patch for the exploit, but clearly, not every business updates its operating systems regularly enough. Experts say that home users are probably safer, because they are more likely to have let updates install on their machines. Though it never hurts to go run Windows Update and look for security patches again to make sure you’re up to date. Like, now.