Ransomware cyber-attacks started hitting hospitals, governments, schools and various companies in different parts of the world on Friday.
Kaspersky initially recorded more than 45,000 attacks in almost 100 countries, including Russia, Britain, Germany, Taiwan and more.
However, Avast anti-virus software reported that as of the morning of Saturday, May 13th, it is "now seeing more 126,000 detections of WanaCrypt0r 2.0, in 104 countries." (Source: Avast blog)
The WanaCrypt0r 2.0 is the name of the infected malware that's been attacking different computers with an email that requires the various organizations to pay ransom in Bitcoin currency.
📎Hackers hacked the computers of dozens of hospitals in the UK through ransomware the name of this virus #WanaCrypt0r2 .0 #CyberAttack â˜
— Ankit G. Dange (@ankit_dange) May 13, 2017
Avast reported that it became familiar with WanaCrypt0r 2.0 back in February:
"We saw the first version of WanaCrypt0r in February and now the ransomware is available in 28 different languages, from languages like Bulgarian to Vietnamese. Today at 8 am CET, we noticed an increase in activity of this strain, which quickly escalated into a massive spreading, beginning at 10 am." (source: Avast blog)
As far as who is responsible for the attacks, many are suspecting the attacks were caused by a leak of the National Security Agency's (NSA) cyber weapon tool kit last year.
While the NSA has yet to make a statement about the attacks, whistle blower Edward Snowden is tweeting that organizations could have been better prepared for the attack if the government had been more transparent.
If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3
— Edward Snowden (@Snowden) May 12, 2017
But Snowden also suggests why he believes the NSA isn't doing more to help with the investigation:
Pause a moment to consider why we're left with researchers, not governments, trying to counter the @NSAGov-enabled ransomware mess. Hint: https://t.co/IE8LKctgAF
— Edward Snowden (@Snowden) May 13, 2017
Some of the major locations hit include Britain's healthcare system. Surgeries had to be delayed.
Dr Anne Rainsberry, National Health Service Incident Director, said: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need. More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing. NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business.” (Source: NHS)
Spain's major mobile company, Telefonica also released a statement regarding the attack on Friday:
"Earlier today Telefónica detected a cibersecurity incident affecting the PC's of some employees within the company's internal corporate network. Telefónica inmediately activated the security protocols for this type of incident in order to resolve the problem as soon as possible." (Telefonica press)
As far as who was behind the attacks, the investigation continues.
In order to be prepared for future potential attacks, Europol is putting out resources and also researching how to prevent future attacks.
What is #ransomware? Find out more about how you can prevent and report it: https://t.co/3HIV2MNttQ. #NoMoreRansom #NeverPay @EC3Europol pic.twitter.com/ey8I0K8NpP
— Europol (@Europol) May 13, 2017
