World

What Is Ransomware? Computers Around the World Infected by Malware Demanding Money

RTX10ZB5
A global ransomware campaign struck computers in more than 70 nations, threatening to erase data unless users pay sums of money. Kacper Pempel/Reuters

Computer systems around the world have been infected with malware that blocks access to data and demands money.

Reports of attacks came Friday from at least 99 nations, including China, Russia, Spain, Italy, Taiwan, the U.K. and the U.S. Experts have described it as the first global attack using "ransomware"—a type of malware that restricts access to users' data unless a sum of money is paid in a certain amount of time. If the user fails to pay, the malware erases all data on the infected device.

Users report being asked to pay $300 in Bitcoin by May 15 or all data would be deleted by May 19, according to CNET. The U.K.'s National Healthcare System was reportedly one of the networks struck in Friday's ransomware campaign, with at least 39 hospitals and clinics targeted, BBC News reported. Europe and Latin America were reportedly the worst-hit regions by the attack.

Related: Americans top target by ransomware, Symantec says

"It’s one of the first times we’ve seen a large international global campaign,” Chris Camacho, chief strategy officer for cyberintelligence company Flashpoint, told The Washington Post.

"When people ask what keeps you up at night, it’s this," he told The New York Times.

To gain access to the systems, attackers used a security flaw that was described by the National Security Agency (NSA) in documents later stolen from the organization and leaked publicly by a group of hackers called The Shadow Brokers, The Intercept reported. The vulnerability, called ETERNALBLUE, was reportedly addressed by Microsoft via a patch released in March, but organizations have been slow to adapt, exposing them to dangerous malware.

Malware Tech, a bot-monitoring blog, reported over 74,000 infections by the ransomware program, known as WannaCry or WannaCry Decryptor. The worst-hit countries were Russia, Taiwan and Ukraine, cybersecurity firm Avast said in a statement on its website. The firm said the "attack once again proves that ransomware is a powerful weapon that can be used against consumers and businesses alike. Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people’s lives in danger."

U.K.-based security architect Kevin Beaumont told CNN News that Friday's attack was turning into "the biggest cybersecurity incident" he had ever seen and that more infections would probably target the U.S. He recommended companies automatically apply the patch released in March to prevent a WannaCry infection, but said that would not help systems that had already been infected.

Editor's Pick