A massive ransomware attack has spread across at least 74 countries, hitting the IT systems of banks, telephone companies and hospitals and holding affected computers hostage for $300 in Bitcoin.
According to Wired, the ransomware strain WannaCry (also known as WanaCrypt0r and WCry) has gained particular traction in Spain, where it has hobbled the telecom company Telefonica, the natural gas company Gas Natural, and the electrical company Iberdrola.
In the U.K., the bug locked up IT systems and phone lines at National Health Service (NHS) hospitals, causing officials to discourage people from visiting unless they need emergency treatment.
“The spread is immense,” Adam Kujawa, the director of malware intelligence at Malwarebytes, which discovered the original version of WannaCry, told Wired. “I’ve never seen anything before like this. This is nuts.”
On Friday alone, Avast detected up to 52,000 attacks from the ransomware, most of which were targeting Russia, Ukraine and Taiwan.
Ransomware is malware that essentially locks people out of their computers, holding the decryption or other release key ransom until the victim pays a fee, usually in Bitcoin. According to Symantec, such attacks have jumped from 340,665 in 2015 to 463,841 last year.
WannaCry exploits a vulnerability on older Microsoft systems that was first discovered by the National Security Agency. “Microsoft released a patch for the exploit, known as MS17-010, in March, but clearly many organizations haven’t caught up,” Wired said.
Once WannaCry enters a network, it can spread to other computers on that same network, a typical trait of ransomware that maximizes the damage to companies and institutions.
The NHS has experienced hobbled computer and phone systems, system failures, and widespread confusion after hospital computers started showing a ransom message demanding $300 worth of bitcoin. The malware demands that hospitals pay by May 15, or all the encrypted files will be deleted by May 19, according to cybersecurity firm Foursys.
“Emergency operations may have been cancelled, and automated systems that help monitor in and outpatients could be affected as well,” Andy Wool, Foursys’s marketing director, told CNET. “It is all hands on deck to try and stop the spread.”