Since early Friday morning, reports have been coming in about a massive ransomware attack sweeping through Windows PCs in Europe. The National Health Service in England has had numerous hospitals and doctors’ offices hit, and a number of private companies have reported a similar attack.
According to reports from some companies, systems in the US are starting to see the attack, and IT departments are urging employees to shut down any “non-essential” systems to avoid infection.
The virus is a form of ransomware known as “WannaCry.” It uses an exploit in Windows to spread from computer to computer, which explains the rapid worldwide spread. The vulnerability it exploits, known as “EternalBlue,” was patched by Microsoft in March, but the update has clearly not been universally adopted by users.
The exploit initially hit Russia, Taiwan and Spain the hardest, according to security companies. Since then, it appears to be spreading around the globe at speed. The hack on the NHS in England is the most high-profile of the successful attacks, but research firm Kaspersky has recorded 45,000 incidents, and counting.
Companies in the US have started seeing the attack appear on some machines. FedEx issued a statement saying that “like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.” Reports suggest that the infection originated in FedEx’s system in the UK, and workers in the US were told to shut down any non-critical systems.
The exploit itself first became widely known when it was leaked as part of a trove of NSA documents, and Microsoft issued a patch. The problem is that many individual users and organizations don’t update Windows regularly, which creates a window of opportunity in which hackers know of a vulnerability while some users remain unprotected.