At the time of publishing, Kaspersky Lab, an internet security firm, is reporting that more than 57,000 attacks in 74 countries have been generated by a piece of ransomware called “WannaCry” or “Wcry.” The software encrypts all of a user’s data and holds it until they pay a fee to regain control of their system; it is likely derived from leaked NSA hacking software.
Currently, sixteen hospitals and offices within the UK’s National Health Service (NHS) have been affected by the attack, as well as large firms like Spain’s Telefónica, and international banks like BBVA. However, the largest concentration of attacks is seen within the Russian Federation.
The bug is made possible by a vulnerability in Microsoft Windows known as “EternalBlue.” Microsoft released a fix for the exploit in March, but users may not have updated their systems, and the exploit is designed to also affect computers that do not have the vulnerability exposed. Ars Technica says of the virus:
Wcry is demanding a ransom of $300 to $600 in Bitcoin to be paid by May 15, or, in the event that deadline is missed, a higher fee by May 19. The messages left on the screen say files will remain encrypted. It’s not yet clear if there are flaws in the encryption scheme that might allow the victims to restore the files without paying the ransom.
It is expected that the virus will spread to the United States soon enough, so security experts are advising users to update and back up their systems before disaster strikes.
The malware was published online by the hacker group The Shadow Brokers last month, after the group announced in January that it would be auctioning off hundreds of megabytes worth of NSA hacking tools.
Yes, “WannaCry” is a copycat of a weapons-grade hack that was developed by the NSA to remotely take over computers. The NSA exploit was paired with a so-called worm that can spread with very little action on the part of the computer’s user. Emails do not have to be opened and there are no suspicious links that need to be clicked in order for the exploit to spread.
The viral attack comes as hacking tools developed by and for the CIA and NSA have been leaked online. Concern has grown over the government’s hoarding of so-called “zero-day exploits,” which would seem to violate an Obama-era rule called the Vulnerabilities Equities Process (VEP). The VEP demanded that when a government agency found software exploits, they should identify the developer, in the name of better overall cyber security.
Users are advised to back up their systems and ensure that they have applied the Microsoft patch, which can be found here: Microsoft Security Bulletin MS17-010 – Critical.