A massive cyberattack infected some 200,000 computers in at least 150 countries Friday with ransomware — malicious software that encrypts the computer’s files and demands a payment to regain access to them. The attack was “unprecedented in scale,” Europol’s chief Rob Wainwright told the BBC.
Here’s what you need to know about the attack:
- The software is a variant of ransomware called WannaCry. It encrypts afflicted computers’ files — displaying a message that reads, “Oops, your files have been encrypted!” — and demands a payment of about $300 in Bitcoin, an online cryptocurrency, in order to restore access.
- The attack appears to have exploited a flaw in the Windows operating system identified by the National Security Agency last August and released publicly in a trove of files leaked last month by a hacker group called the Shadow Brokers.
- The attack primarily targeted Russia, Ukraine, and Taiwan, but also affected the United Kingdom, Chinese universities, and major companies such as FedEx. Some hospitals in the UK were forced to cancel outpatient appointments; it’s not yet known whether anyone suffered injury or death as a result of the cyberattack.
- Twitter user @MalwareTechBlog, a 22-year-old cybersecurity expert in the United Kingdom, helped to stop the spread of the attack by inadvertently activating the ransomware’s “kill switch” that was built into the virus by the hackers who created it. Experts believe that the 22-year-old, who is insisting on anonymity, is largely responsible for keeping the attack from spreading to the U.S.
- It’s not over yet: @MalwareTechBlog flipped the killswitch on Friday, but warns that a new version of the ransomware likely won’t have one.
Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP.
— MalwareTech (@MalwareTechBlog) May 14, 2017