Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

There's a Massive Ransomware Attack Spreading Globally Right Now [Updated]

Screenshot: MalwareHunterTeam
Screenshot: MalwareHunterTeam

A ransomware attack is quickly spreading across the globe rendering vital systems inaccessible.

Advertisement

Friday morning, the Twitter account MalwareHunterTeam reported ransomware known as WanaCrypt0r (a WannaCry variant) spreading at an alarming rate. “In less than 3 hours (even can say less than 2 hours if we count it from the explosion), they got victims already from 11 countries.”

Approximately 6 hours later, at 1pm ET, Kaspersky Lab reported more than 45,000 attacks in 74 countries. “Number still growing fast,” tweeted Costin Raiu, director of global research for the Moscow-based security firm.

Advertisement

Update: There is a patch for this exploit—see the bottom of the post for instructions.

Russia, Taiwan and Spain appear to be those initially hit the hardest, but a map of the infections generated by MalwareTech show the ransomware spreading to all populated continents, and numerous reports from security researchers indicate that WanaCrypt0r has also found its way into the US.

An initial report from UK-based MalwareTech researcher indicate that the ransomware was spreading peer-to-peer and may have been weaponized using a leaked Microsoft Windows exploit (EternalBlue) stolen from the U.S. National Security Agency.

Advertisement

Among those to first report infections publicly are 16 hospitals in England and the Spanish telecom Telefonica. The infected systems rendered files encrypted and inaccessible and a warning flashed across the screens. “You only have 3 days to submit the payment. After that the price will be doubled,” it reads. “Also if you don’t pay in 7 days, you won’t be able to recover your files forever.”

Advertisement


Update 5/12/17 2:34p EDT: FedEx confirmed to the BBC that it is experiencing “interference” with some of Windows-based systems “caused by malware.” The company said it was “implementing remediation steps as quickly as possible.”

Advertisement

According to SwiftOnSecurity, after FedEx detected WannaCry infections at its UK offices, the company ordered its US partners to shut down all non-critical networked Windows-based systems.

Update 5/12/17 3:04p EDT: Click here for information about the Windows versions or editions affected and for details on how to patch (MS17-010) the EternalBlue exploit. Or click here for instructions on how to review and install high-priorities updates on your Windows laptop or PC.

Advertisement

This article will continue to be updated as new information comes in.

Senior Reporter, Privacy & Security

Share This Story

Get our newsletter

DISCUSSION

Thanks for reporting this.

Man, it’s almost like governments hoarding known security flaws and exploits so that they can later weaponized is a really terrible idea that risks costing the global economy billions per day and exposing their citizens to financial and personal ruin.