Security researchers are warning of a ransomware outbreak that is spreading around the globe. Hospitals in the UK have been hit particularly hard, with reports of entire wards being shut down, patients being turned away, and staff sent home, Forbes (opens in new tab) reports.
The ransomware appears to be one of several tools belonging to the National Security Agency (NSA) that a hacking group known as The Shadow Brokers has been leaking to the web over the past several months. According to an Arstechnica (opens in new tab) report last month, The Shadow Brokers leaked around a gigabyte worth of weaponized software exploits, including one that targeted most versions of Windows.
This particular ransomware is called WCry. It's also been called several other names, including WannaCry, WannaCryptor, WannaCrypt, and Wana Decryptor. They're all the same and reference version 2.0 of WCry, BleepingComputer (opens in new tab) reports.
As the day has gone on, WCry has spread to the U.K. and other parts of the world. Earlier in the day a researcher for Kaspersky Lab 45,000 attacks in 74 countries, and said that WCry's list of victims was "growing fast."
There is a that shows WCry spreading to victims in real time. According to Avast security researcher Jakub Kroustek, WCry has claimed over 57,000 PCs in just a few hours, some of the first of which were Spanish companies, such as utility outfits Telefonica, Gas Natural, and Iberdrola.
Something like this is incredibly significant, we've not seen P2P spreading on PC via exploits at this scale in nearly a decade.May 12, 2017
Forbes says victims have been asked to cough up $300 to remove the infection and decrypt their files. Otherwise, their data remains encrypted and inaccessible. On top of that, victims are being told that after 7 days, their files will be lost forever if the ransom is not paid.
The ransomware is said to have initially spread through spam containing fake invoices, job offers, and other attempts aimed at random email addresses. However, it's also been able to spread through the worm-like EternalBlue exploit.