Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies.
Companies worldwide are bracing for even more fallout from the biggest cyberattack ever as their workers head back to the office Monday.
Once inside an organization, WannaCry uses a Windows vulnerability purportedly identified by the NSA and later leaked to the internet. Russian Federation appeared to be the hardest hit, according to security experts, with the country's Interior Ministry confirming it was struck.
Lawrence Abrams, a New York-based blogger who runs BleepingComputer.com, says many organizations don't install security upgrades because they're anxious about triggering bugs, or they can't afford the downtime.
On affected computers, the WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin.
Microsoft's lawyer says governments should "report vulnerabilities" that they discover to software companies, "rather than stockpile, sell, or exploit them".
Globally active ransomware virus has partially affected the computer systems in some institutions in Maharashtra, including that of its police department, a police official said here today. So far, he said, not many people have paid the ransom demanded by the malware.
"The way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks", Britain's National Cyber Security Center said in a statement on Sunday.
"For so many organizations in the same day to be hit, this is unprecedented", he said. Whatever its source, it was published on the internet last month by a hacker group called ShadowBrokers.
Ed Boon Won't Rule Out Watchmen Characters in Injustice 2
Injustice 2 on consoles will be available for PS4 and Xbox One in the United Kingdom on the 19th of May 2017. That's because Injustice 2 has turned out to be one of the most handsome fighting games we've ever seen.
Shortly after that disclosure, Microsoft announced that it had already issued software "patches" for those holes. And many computer networks, particularly those in less-developed parts of the world, still use an older version of Microsoft software, Windows XP.
By Kaspersky Lab's count, the malware struck at least 74 countries. The WannaCry attack should give urgency to boosting cyber security.
Hospitals in areas across Britain found themselves without access to their computers or phone systems. Doctors' practices and pharmacies reported similar problems.
Tom Griffiths, who was at the hospital for chemotherapy, said several cancer patients had to be sent home because their records or bloodwork couldn't be accessed. "Otherwise they're literally fighting the problems of the present with tools from the past". "It's stressful enough for someone going through recovery or treatment for cancer".
A top Russian mobile operator said Friday it had come under cyberattacks that appeared similar to those that have crippled some United Kingdom ho.
Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan. This is something Microsoft has been arguing for a while, but perhaps this recent attack will make organisations like the NSA listen harder. Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack. Spanish telecom company Telefónica was also hit with the ransomware.
At the moment, all PCs that do not have the latest Microsoft security updates are vulnerable to attack by the ransomware. However, computers, operators and networks that didn't update their operating systems were still at risk.
"There's a lot of older Windows products out there that are "end of life" and nobody's bothered to take them out of service", said Cynthia Larose, a cybersecurity expert at the law firm of Mintz Levin.
"Very few banks if any have been affected because they've learned from painful experience of being the number one target for cybercrime", he said on ITV's Peston on Sunday program. "I did not expect an attack on this scale". That was a shock.