The effects were felt around the globe, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the U.S. Britain's National Health Service was hit hard, while Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp. in the U.S. and French carmaker Renault all reported disruptions.
A mysterious, Russian-linked group called TheShadowBrokers last month claimed to have stolen the hacking tool, which may then have been acquired by another cyber gang and unleashed in Friday's onslaught.
Lawless reported from London. Instead, they can use them for intelligence gathering or law enforcement. Microsoft could and should focus even more aggressively on anti-exploit technologies that are built into the Windows operating system. Smith noted that the company released a security update to patch the flaw exploited by the WannaCry virus back in March. The directive was in response to the WannaCry ransomware that took down computer systems across the world locking up critical data and demanding bitcoins as ransom for its release.
Bossert said he expected the number of people affected would rise as more workers logged into their work computers today.
The WannaCry ransomware appears to only attack unpatched computers running Windows 10. But some experts have argued this attack could have been vastly mitigated if the NSA told Microsoft sooner. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them. He said the software attacking a vulnerability had been incorporated with other software and delivered in a way to cause "infection, encryption and locking". They just happen to hit the motherlode.
A cybersecurity researcher in Asia who declined to be named said that while most banks globally had escaped damage, not all had installed patches in time.
"One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it's incredibly important that any unpatched systems are patched as quickly as possible", he warned.
"Right now, just about every IT department has been working all weekend rolling this out", said Dan Wire, spokesman at FireEye Security. "No matter how this was disclosed or when it was disclosed, some percentage of businesses would not have applied". Those facilities are not unique.
But there will be other vulnerabilities to come, and not all of them will have fixes for older systems.
"Whenever there is a new patch, there is a risk in applying the patch and a risk in not applying the patch", Grobman said.
Microsoft does not pay much attention to the security and privacy of Windows versions that have exited support.
British media had reported a year ago that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates. "The WannaCry ransomware does not look like something that will affect the ATMs in any way unlike personal/corporate endpoints", said Saket Modi, CEO and co-founder, Lucideus. While this particular ransomware was inadvertently stopped, hackers could modify the code and try again.
Security firm Digital Shadows said on Sunday that transactions totalling $32,000 had taken place through Bitcoin addresses used by the ransomware.
Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries, including the US, where its effects seemed muted. "Since this WannaCry attack has been so effective thus far, it is quite likely that this is the first of many ransomware attacks that leverage exploits to effectively spread their payloads throughout the Internet".