Ransomware based on leaked NSA tools spreads to dozens of countries

A ransomware attack seemingly based on leaked NSA hacking tools is spreading like wildfire among unpatched Windows systems worldwide. Early reports suggested it was targeted at the UK’s National Health Service, but it’s clear now that the attack is a global one, with thousands of computers apparently affected in Russia alone.

A Kaspersky Lab analysis puts the number of infected computers at more than 45,000 as of early Friday afternoon, the vast majority of which are in Russia (Ukraine, India, and Taiwan follow). The ransomware’s code makes it pretty clear that it’s taking advantage of an exploit called EternalBlue, published in April by the Shadow Brokers but patched preemptively by Microsoft in March.

If everyone just kept their boxes up to date we wouldn’t have the current viral conflagration, of course, but as usual that’s too much to ask.

A bitcoin wallet reportedly used by the ransomers shows numerous incoming transactions of between 0.15 and 0.3 BTC, worth around $250-$500 today, so at least a few of those infected have opted to pay rather than attempt to extricate their data safely or do a full wipe and rollback.

This story is developing, and we will update it as new information appears.