Computers in thousands of locations have been locked by a programme that demands $300 (£230) in Bitcoin.
In April hackers known as The Shadow Brokers claimed to have stolen the tools and released them online.
Microsoft released a patch for the vulnerability in March, but many systems may not have been updated.
There have been reports of infections in 99 countries … Cyber-security firm Avast said it had seen 75,000 cases of the ransomware — known as WannaCry and variants of that name — around the world. …
Meanwhile wallets for the digital cryptocurrency Bitcoin that were seemingly associated with the ransomware were reported to have started filling up with cash. …
Some experts say the attack may be have been built to exploit a weakness in Microsoft systems that was identified by the NSA and given the name EternalBlue. However they subsequently made the tools freely available, releasing a password for the encryption on 8 April. The hackers said they had published the password as a “protest” about US President Donald Trump.
If you have a Windows computer, I hope you have auto update on: enable windows update, update and then reboot. Consider backing up now.
At the time, some cyber-security experts said some of the malware was real, but old. A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed. …
Your computer can be infected without you doing anything at all:
Some security researchers have pointed out that the infections seem to be deployed via a worm – a program that spreads by itself between computers.
Unlike many other malicious programs, this one has the ability to move around a network by itself. Most others rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.
By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too. This perhaps explains why its impact is so public – because large numbers of machines at each victim organisation are being compromised.
The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers.
hat-tip Charles, Matthew