A ransomware virus is spreading aggressively around the globe, with over 100,000 computers in 99 countries having been targeted, according to the latest data. The virus infects computer files and then demands bitcoins to unblock them.
An increase in activity of the malware was noticed starting from 8am CET (07:00 GMT) Friday, security software company Avast reported, adding that it “quickly escalated into a massive spreading.”
In a matter of hours, over 75,000 attacks have been detected worldwide, the company said. Meanwhile, the MalwareTech tracker detected over 100,000 infected systems over the past 24 hours.
Dozens of countries around the globe have been affected, with the number of victims still growing, according to the Russian multinational cybersecurity and anti-virus provider, the Kaspersky Lab.
The ransomware, known as WanaCrypt0r 2.0, or WannaCry, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain’s biggest national telecommunications firm, Telefonica.
Britain and Spain are among the first nations who have officially recognized the attack. In Spain, apart from the telecommunications giant, Telefonica, a large number of other companies has been infected with the malicious software, Reuters reported.
The virus is said to attack computers on an internal network, as is the case with Telefonica, without affecting clients.
Computers at Russia’s Interior Ministry have been infected with the malware, the ministry said Friday evening.
Some 1,000 Windows-operated PCs were affected, which is less than one percent of the total number of such computers in the ministry, spokeswoman Irina Volk said in a statement. The virus has been localized and steps are being taken to eliminate it.
The servers of the ministry have not been affected, Volk added, saying it’s operated by different systems for Russia-developed data processing machines.
“Several” computers of Russia’s Emergency Ministry had also been targeted, its representative told TASS, adding, that “all of the attempted attacks had been blocked, and none of the computers were infected with the virus.”
Russian telecom giant, Megafon has also been affected.
“The very virus that is spreading worldwide and demanding $300 to be dealt with has been found on a large number of our computers in the second half of the day today,” Megafon’s spokesperson Pyotr Lidov told RT.
The internal network had been affected, he said, adding that in terms of the company’s customer services, the work of the support team had been temporarily hindered, “as operators use computers” to provide their services.
The company immediately took appropriate measures, the spokesperson said, adding that the incident didn’t affect subscribers’ devices or Megafon signal capabilities in any way.
British Prime Minister Theresa May has said the cyberattack on UK hospitals is part of a wider international attack.
In Sweden, the mayor of Timra said “around 70 computers have had a dangerous code installed,” Reuters reported.
According to Avast, the ransomware has also targeted Ukraine and Taiwan.
The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to “.WNCRY.”
It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.
While the victim’s wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn.
According to security experts, the ransomware exploits a vulnerability that was discovered and developed by the National Security Agency.
“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017,” Russian cybersecurity firm, Kaspersky Lab, wrote in a blog post about the attack.
Although Microsoft had already patched the backdoor roughly a month before it became public, many users who did not install the latest security updates seem to have become the primary victims of the attack.
Meanwhile, NSA whistleblower Edward Snowden has led the discussion on NSA’s role and responsibility in Friday’s extensive cyberattacks, noting that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, this may not have happened.”
Snowden noted that the NSA developed these “dangerous attack tools that could target Western software” despite warnings, and that it’s now up to congress to question the agency on its knowledge of any other software vulnerabilities.
Wikileaks also referred to its dealings with the whistleblower behind its Vault 7 CIA releases who warned of the extreme proliferation risk in the creation of cyber weapons.