Massive ransomware attack hits 74 countries


Tens of thousands of ransomware attacks are targeting organizations around the world on Friday.

Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours. Most of the attacks have targeted Russia.  

What is it?

The ransomware, called “WannaCry,” locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. Researchers say it is spreading through a Microsoft (MSFT, Tech30) Windows exploit called “EternalBlue,” which Microsoft released a patch for in March. A hacking group leaked the exploit in a trove of other NSA spy tools last month.

“Affected machines have six hours to pay up and every few hours the ransom goes up,” said Kurt Baumgartner, the principal security researcher at Kaspersky Lab. “Most folks that have paid up appear to have paid the initial $300 in the first few hours.”

Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of thosehospitals have canceled outpatient appointments and told people to avoid emergency departments if possible. Spanish telecom company Telefónica was also hit with the ransomware.

Spanish authorities confirmed the ransomware is spreading through the EternalBlue vulnerability and advised people to patch.

“It is going to spread far and wide within the internal systems of organizations — this is turning into the biggest cybersecurity incident I’ve ever seen,” UK-based security architect Kevin Beaumont said.

Related: NSA’s powerful Windows hacking tools leaked online

Kaspersky Lab says although the WannaCry ransomware can infect computers even without the vulnerability, EternalBlue is “the most significant factor” in the global outbreak.

How to prevent it

Beaumont examined a sample of the ransomware used to target NHS and confirmed it was the same used to target Telefónica. He said companies can apply the patch released in March to all systems to prevent WannaCry infections. Although it won’t do any good for machines that have already been hit.

He said it’s likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.

“It has a ‘hunter’ module, which seeks out PCs on internal networks,” Beaumont said. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”

According to Matthew Hickey, founder of the security firm Hacker House, Friday’s attack is not surprising, and it shows many organizations do not apply updates in a timely fashion. When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the “most damaging” he’d seen in several years, and warned that businesses would be most at risk.

Consumers who have up-to-date software are protected from this ransomware. Here’s how to turn automatic updates on.

It’s not the first time hackers have used the leaked NSA tools to infect computers. Soon after the leak, hackers infected thousands of vulnerable machines with a backdoor called DOUBLEPULSAR.

9 thoughts on “Massive ransomware attack hits 74 countries

  1. Sounds like the US foreign government in occupation is losing money and are looking for other ways of financing their military operations by extorting money from other companies and countries through the use of computer malware.

  2. “… this is turning into the biggest cybersecurity incident I’ve ever seen,”


  3. It could be the Deep State, or it could be private hackers seeking money. I’m leaning toward the latter in this case. But regardless of who is responsible, this incident proves once again that networked computers aren’t safe, and the push to “connect” everything from cars to medical records to financial information is just plain stupid.

  4. Now who would want to scare people away from the internet
    because they can’t control the narrative?

    I would bet it’s the same ones that created bank panics of the past
    like the panic of 1907 that scared everyone into the federal reserve…

    New laws on the internet will probably result from this. Watch what laws are proposed and just who’s pushing them, for what benefit.


  5. Well what are people gonna do when these people release ransom ware on your bank accounts.

    Sorry your bank accounts say zero.
    Please hold.

    AI voice message…
    If you would like your money back..
    press #1
    If you would like your money back in Spanish.
    Press # 2.
    If your really pissed off… Press #3. and a customer representative will be with you shortly.
    Please hold…

    Estimated wait time is …
    Your fkd up life.

    Your call is very important to us…
    Please wait on the line. .
    Estimated wait time is forever.

    Your call is very important to us.
    Your call is very important to us.
    Your call is very important to us.

    Please hold while we contact the next available slave foreigner that you can’t understand.

    Your call is very important to us.
    Your call is very important to us.

  6. “It’s not the first time hackers have used the leaked NSA tools to infect computers.”

    That’s all I needed to read in this article to know who is behind it, who is responsible for it, and where the problem lies. Note that the majority of computers targetted by the “leaked” NSA tools were located in Russia.

    Here it goes again… walk into the bar and pick the biggest, meanest looking guy. Grab his beer and throw it into his face, and see what happens.

Join the Conversation

Your email address will not be published. Required fields are marked *