KNOXVILLE (WATE/AP) – Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours.
The ransomware, called “WannaCry” has data encrypted with the extension “.WCRY” added to filenames. Kaspersky Lab’s research team said the ransomware exploits a Windows exploit called “EternalBlue,” locking computers while attackers demand a ransom.
The ransomware automatically scans for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.
“It has a ‘hunter’ module, which seeks out PCs on internal networks,” said Kurt Baumgartner, the principal security researcher at Kaspersky Lab told CNN. “So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies.”
Pictures posted on social media showed screens of computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!” Baumgartner says after a few hours the ransom goes up.
Microsoft released a patch for the exploit in March. A hacking group released details on the exploit in April when they published a collection of spy tools allegedly used by the National Security Agency online.
Britain’s health service was hit Friday by the ransomware. Hospitals in areas across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.
As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace. Hospitals, with their often outdated IT systems and trove of confidential patient data, are a particularly tempting target.
NHS Digital, which oversees U.K. hospital cyber security, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.
How to prevent it
Security firms are encouraging companies and users to make sure they install the official patch from Microsoft.
Matthew Hickey, the founder of the security firm Hacker House, told CNN Friday’s attack is not surprising and shows many organizations do not apply updates in a timely fashion. He said consumers who have up-to-date software are protected from this ransomware.
Microsoft Window’s Automatic Updates feature notifies you when important updates are available for your computer. You can also specify the schedule that Windows follows to install updates on your computer.