- More than 45,000 targets in 74 countries suffered ransomware attacks Friday, according to Kaspersky Lab, though the security firm said its limited visibility means the number of attacks could be much higher. Another cybersecurity firm, Avast, detected 75,000 instances of the malware in 99 countries Friday afternoon.
- Reports surfaced Friday morning about ransomware attacks on 16 hospitals in the United Kingdom. The hospitals were forced to only take emergency patients because computer systems were rendered unusable from malware demanding a ransom payment, KrebsonSecurity reports. Kaspersky recorded the same strain of ransomware, "WannaCry," in 73 other countries and largely centered in Russia.
- The malware was originally released on the internet in April by the Shadow Brokers hacking group. The exploit targeted Microsoft Windows, however the company said it had released a patch in March for the exploit. The ransomware encrypts files and demands users pay in Bitcoin to unlock them, according to Kaspersky. The request started at $300, but rose to $600 by the afternoon.
A large-scale cyberattack that experts have long warned organizations about hit the internet Friday, crippling emergency services and forcing experts to scramble to respond. The exploit in question was patched in March by Microsoft, but if enterprises failed to implement the necessary updates they could find their systems impacted. Hackers claim to have stolen the exploit tools from the Nation Security Agency and many feared the data dump from Shadow Brokers could lead to a global cyber event.
Cybersecurity firms will rush to help affected organizations, but as long as malicious actors are crippling machines, other threats lurk, such as unauthorized access of patient data in hospital systems.
The attack method is not unique. Since early 2016, hospitals and other vulnerable targets have been hit with ransomware attacks that force organizations to scramble for resources, debating whether to pay the ransom or restore from backups. What's different about this case is the scale of the attack.
Ransomware attacks have undergone and evolution, according to Daniel Smith, senior researcher at Radware. "No longer does a malware author have to target large swaths of the population via a phishing campaign with the hopes that someone open an infected document." The WannaCry attack was far more automated, said Smith. "The author only has to infect one computer on the network. Once that device is infected the ransomware will worm across the network compromising other computers."
In the end, there are only so many ways security experts can remind organizations to keep their software up-to-date. Though the attack is still developing, and much is still unknown about what organization is behind the attack, it took advantage of a flaw many had yet to patch to wreak havoc.