Hidden behind emails thought to contain job offers and other important information, hackers have infected computers in 100 different countries. The malware is reportedly called WCry, WannaCry or Wana Decryptor.
The cyber-attack used hacking tools that were thought to be developed by the U.S. National Security Agency. Tens of thousands of computers were infected, including FedEx and Britain’s Healthy systems. Security software maker Avast stated their researchers had noted 57,000 infections. The brunt of the attack was focused on Russia, Ukraine and Taiwan.
The virus was most likely made into a “worm” which is a self-spreading malware. The malware exploited a NSA code known as “Eternal Blue” that was released last month. As of now, there is no lead on who was behind the attack as no group or individuals have come forward to claim the vicious worm.
Once the emails were open and the computers infected, the ransomware encrypted data demanded payment to restore access to files. The payments ranged from $300 to $600. Security researches noted some victims of the attack did pay the ransom, in the form of digital currency called bitcoin, but it is unknown how much money the extortionists collected from the victims. The message attacthed the the emails reads: "You can decrypt some of your files for free, but if you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled." The screen also includes a countdown clock that threatens all files will be deleted after 7 days.
Hospitals in Britain were forced to turn patients away when they were hit by the attack and unable to access their computers. FedEx also reported they had been affected, releasing in a statement they “are implementing remediation steps as quickly as possible.”
Edward Snowden, who in 2013 leaked information regarding the NSA’s collection program, called this software a “dangerous attack tool.”
By the time the hackers turned their attention to the United States, the emails had been flagged as malicious and the spam ware detected. There has been concern raised after such large corporations were attacked, which will most likely give other cyberattackers confidence in reaching such high platform servers and computers. The infection has also been slowed significantly after a security researcher bought the domain the malware was connecting to. This in turn stunted the effectiveness of the virus, and the number of infections has greatly decreased. But there are multiple warnings that the attackers will alter the code and send out an updated version of the virus.