It appears that malware hacked from the NSA in April 2017 has been set loose on the world. The massive ransomware infection hit at least 99 countries. The ransomware is called WannaCry. Its source was leaked as part of a WikiLeaks dump of NSA spy tools. Hackers modified the stolen code to take over computers. A ransom note then demands $300 in Bitcoin to save your computer, and the price increases every couple of hours if the ransom isn't paid. The ransomware spreads by taking advantage of a vulnerability in Microsoft Windows. Microsoft issued a patch after the NSA leak; however, computers that had not applied the patch remained at risk.
In the UK, 16 National Health Service organizations were taken offline. Europol said the attack was of an "unprecedented level and requires international investigation." Cybersecurity firm Avast said, "the majority of the attacks targeted Russia, Ukraine and Taiwan. But U.K. hospitals, Chinese universities and global firms like FedEx also reported they had come under assault."
Later in the day, an "accidental hero" halted the global spread. The Guardian reported, "The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who lives with his parents and works for Kryptos Logic, an LA-based threat intelligence company."
"I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organizations being hit," he said. "I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time."
The unregistered domain name was a "kill switch" in the malware. Once the domain was registered and became reachable on the Internet, the virus stopped replicating. "The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain," he said. "This is not over. The attackers will realize how we stopped it, they’ll change the code and then they’ll start again. Enable Windows Update, update and then reboot."
At the time of writing, an estimated 1/2 million pounds ($750,000) has already been paid in ransom.
In the aftermath, Europol said:
An unprecedented global "ransomware" attack has hit at least 100,000 organizations in 150 countries, Europe’s police agency said Sunday — and predicted that more damage may be seen Monday as people return to work and switch on their computers.