A ransomware attack seemingly based on leaked NSA hacking tools is spreading like wildfire among unpatched Windows systems worldwide. Early reports suggested it was targeted at the UKs National Health Service, but its clear now that the attack is a global one, with thousands of computers apparently affected in Russia alone.
A Kaspersky lab analysis puts the number of infected computers at more than 45,000 as of early Friday afternoon, the vast majority of which are Russian (Ukraine, India, and Taiwan follow). The ransomwares code makes it pretty clear that its taking advantage of an exploit called EternalBlue, published in April by the Shadow Brokers but patched preemptively by Microsoft in March.
If everyone just kept their boxes up to date we wouldnt have the current viral conflagration, of course, but as usual thats too much to ask.
A bitcoin wallet reportedly used by the ransomers shows numerous incoming transactions of between 0.15 and 0.3 BTC, worth around $250-$500 today, so at least a few of those infected have opted to pay rather than attempt to extricate their data safely or do a full wipe and rollback.
This story is developing and we will update this story as new information appears.