Friday morning (May 12), a ransomware attack started spreading across the globe, infecting tens of thousands of computers and shutting down vital systems. Those affected included over 40 health service trusts and FedEx’s offices in the United Kingdom, a telecom in Spain, and apparently, the Russian Interior Ministry.
The malicious software, transferred over email and stolen from the National Security Agency(NSA), exposed vulnerabilities in computer systems in almost 100 countries in total, constituting one of the largest ransomware attacks on record.
The WannaCrypt ransomware, also called WannaCry and similar, targeted Microsoft servers running the file sharing protocol Server Message Block (SMB). It used an exploit called ExternalBlue, which had first been revealed last month as part of a leaked stash of NSA documents. Once it gained access to Windows computers, it encrypted their contents before demanding payments of hundreds of dollars for the key to decrypt files.
The coordinated attack was first reported in the UK, where at around 12:30pm local time, the National Health Service’s (NHS) systems began crashing. Pop-up messages appeared on computer screens, demanding $300 in bitcoin in exchange for access. By 3:30pm, infection had been reported in 16 NHS hospitals, and the number has surged to over 40 by now. Surgical procedures were postponed and some hospital operations shut down as government officials struggled to respond to the attack.
The Russian Interior Ministry also reported thousands of computers affected by a virus. However, officials played down the incident, saying the attacks had been contained.
The attack was in fact largely preventable, if only more Windows users had >installed the critical security patch that Microsoft released for it two months ago.
Late Friday, Microsoft posted an official notice on its TechNet site about the security update as well as general guidance regarding the WannaCrypt attack. Additionally, the company urged users to “use vigilance when opening documents from untrusted or unknown sources.”
The attack also brought the infamous NSA leak back into the spotlight. Speaking to NPR, tech reporter Aarti Shahani said: “This attack is raising one of these fundamental issues that we talk about in the security world, about whether NSA surveillance protects people or creates unexpected damage that does more harm than good.”