"Worst-Ever Recorded" Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools

Tyler Durden's picture

The ransomware has been identified as WannaCry

* * *

Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,

Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance.


Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.


As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”

Update 3: Microsoft has issued a statement confirming the status of the vulnerability:

Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.


In March, we provided a security update which provides additional protections against this potential attack.


Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.

Update 2: Security firm Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours, with the number of victims still growing. Avast said it has detected over 57,000 attacks worldwide, adding that it "quickly escalated into a massive spreading."

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently an upgraded version of ransomware that first appeared in February. Believed to affect only computers running Windows, it changes the extension of affected files to ".WNCRY." It then drops ransom notes to the user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding that the group has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."

*  *  *

Update 1: In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as “eternal blue”, developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

As Sam Coates summed up...

*  *  *

We earlier reported on the disturbing fact that hospitals across the United Kingdom had gone dark due to a massive cyber-attack...

Hospitals across the UK have been hit by what appears to be a major, nationwide cyber-attack, resulting in the loss of phonelines and computers, with many hospitals going "dark" and some diverting all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled, the BBC reports.


The UK National Health Service said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.” It added that trusts and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected and are reporting IT failures, in some cases meaning there is no way of operating phones or computers.


At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack.


NHS England says it is aware of the issue and is looking into it.

UK Prime Minister Theresa May confirms today's massive cyber hit on NHS is part of wider international attack and there is no evidence patient data has been compromised.

The situation has got significantly worse as The BBC reports the ransomware attack has gone global.


Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

It is not yet clear whether the attacks are all connected. One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.

"This is huge," he said.

There have been reports of infections in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan and others.

The BBC details that a number of Spanish firms were among the apparent victims elsewhere in Europe.

Telecoms giant Telefonica said in a statement that it was aware of a "cybersecurity incident" but that clients and services had not been affected.


Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.


There were reports that staff at the firms were told to turn off their computers.

In Italy, one user shared images appearing to show a university computer lab with machines locked by the same program.

Bitcoin wallets seemingly associated with the ransomware were reported to have already started filling up with cash.

"This is a major cyber attack, impacting organisations across Europe at a scale I've never seen before," said security architect Kevin Beaumont.

According to security firm Check Point, the version of the ransomware that appeared today is a new variant.

"Even so, it's spreading fast," said Aatish Pattni, head of threat prevention for northern Europe.

Several experts monitoring the situation have linked the attacks to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

espirit's picture


Let them shut the whole motherfucker down.


That’ll sure teach us a lesson… lol.


Nekoti's picture

'Us' is what keeps them awake at night.

imbrbing's picture

Then bitcoin is worthless :)

No internet, no bitbucket(coin)

Raffie's picture

Used to be Lemonade stands to make money, now it's ransomware.

peddling-fiction's picture

Lemonade stands were outlawed.

Timmy was arrested and shamed.

There are consequences.

Automatic Choke's picture

When I was a kid, we lived in a neighborhood wrapped around a golf course.   In the southern california summer, we'd set up a lemonade stand where the golfers crossed the street a block from our house....they crossed between holes midway through the 2nd 9.  It was wonderful - they were out in a quiet residential neighborhood, no stores for a mile or more, baking in the hot sun, and here is a snot-nosed kid selling ice cold lemonade at a buck a glass (and this was in the mid 60s).   A trapped customer base.

I drove past there a couple years ago when I was out there on business...a sort of nostalgia thing.   There was now a tunnel underneath the road for the golfers to walk through, and 8 foot high chain link fence separating the golf course from the street & sidewalk.   Curses!


Jim in MN's picture

Reminds one of the Ancien Regime right before the Bastille......

peddling-fiction's picture

Let them eat delicious chocolate cake.

swmnguy's picture

That made me laugh out loud.  

The most beautiful piece of chocolate cake that you've ever seen.  Not just delicious.  A visual indulgence, as well.

Winston Churchill's picture

No permit required, unintended consequences.

Badsamm's picture

Hello World War III, am I the false flag you were looking for?

ATM's picture

They got bills to pay.

GreatUncle's picture

Lol everyone who gets this is going to be pissed not at the hackers but those who created an insecure operating system that exposed them to blackmail.


WillyGroper's picture

Wikileaks viagra is bound to be a gas.

Buck Johnson's picture

We are going to pay dearly in producing tools that got out into the real world.


sgt_doom's picture

There have been at least two airliner crashes, probably more, which could be attributed to that Stuxnet code somehow getting into their cockpit computers and interfering with alarms sounding because it occupied the memory space reserved for interrupt vectors which would have invoked such alarms to warn the pilots of impending disaster!

sgt_doom's picture

So a jackhole named Gen. Clapper was testifying against Gen. Flynn, as if Gen. Flynn had done something monumental, but it was Gen. Clapper who, when he was at the Pentagon some years back, wrote the paper and pushed for the complete privatization of the US intelligence community (and it gags me to use that term)!

So, they privatize NSA, CIA, etc., and offshore the jobs and the technology and the predictable happens.

Who was head of the CIA and NSA during their largest leaks in history?

Who was head of the DIA when their intrepid and fearless analyst, Julie Sirrs, returned with damning information on the Taliban and al Qaeda and word from the Northern Alliance leader, Ahmad Shah Massoud (who would be assassinated by al Qaeda suicide bombers posing as journalists on 9/09/01, two days prior to the attacks on 9/11) of an impending attack on US soil, who confiscated said information and forced Ms. Sirrs out of the DIA --- it damn well wasn't Gen. Flynn, that's for damn sure?

Time to hold ALL these jackholes, like Clapper, and Hayden, and Panetta, and the others, accountable for either their incompetence --- or culpability!

swmnguy's picture

Well, they did get the ability to say, with legal approval and a straight face, "The CIA doesn't torture."  And, "The NSA doesn't spy on US Citizens."  Because they don't.  The CIA hires Dynecorp and the like to torture, and Edward Snowden was working for Booz-Allen-Hamilton.

So they've got that going for them, which must be nice.

sgt_doom's picture

I believe it is time to revisit Sibel Edmonds and the FBI, CIA and State:



HRClinton's picture

You could say, that these CIA cyber tools are "spreading free enterprise everywhere".

What's more American than that? 


Christophe2's picture

Part of the psy-op might be actually to get the general public to know more about bitcoins and to believe (very foolishly) that you could actually pull a stunt like this without leaving any trails behind.

The subconscious message to the sheeple is the following: don't hesitate to use bitcoins, they are beyond the NSA's control (LOL).  I don't doubt the TV's analysts will mention the 'danger' of people using bitcoins to buy drugs off of the dark web (when the CIA/NSA are the top of the drug trade, and clearly wish for us all to quit cash).

Great Deceivah's picture

Funny to see a bunch of US companies getting hit.. this is what happens when you replace American Workers with H1B visa Pakistani and Indian scum.

meditate_vigorously's picture

Some of those "updates" contain CIA backdoors, so you can't really win, and I suspect this to be a psyop, not sure for who.

Yog Soggoth's picture

Eh, I was warned years ago that the windows program was built to be flawed by a three letter guy. So just like any group of people there are the good and the bad, and not necessarily in that order sometimes. That still is not an excuse for the Tylers' waiting for push arrow nightmare every frigging day! Waiting for ligit add this or that, STOP IT TYLERS!!! Hire a computer guy to figure out this stuff.

Vic Odd's picture

Time to get long cybersecurity stocks

AGuy's picture

"Fuck you CIA."

Maybe it's double FU, as WannaCry is just a PsychOps tool to get bitcoin banned. Would that be something.

1. Fake a release of CyberHacking tools.
2. Create new Worm based upon tool, and demands payment in BTC.
3. Politicians worldwide rally to ban BTC to prevent CyberCriminals using BTC for payment.

ZH Snob's picture

those damaged by this should enjoin in a class-action lawsuit on the CIA, the NSA and maybe even Microsoft for creating this mess.

spqrusa's picture

This is just another Windoz feature...

dasein211's picture

This is going to happen in spades. All the Guvvy tools of the FBI/CIA/NSA are going to be used by the Hackerz now.

centerline's picture

Damn Amish again.

BigFatUglyBubble's picture

I saw Jebediah behind the barn with a cellphone sneaking a cig.  This must be his doing.

E.F. Mutton's picture

My old analog combination safe that holds my guns and gold still opens.  Imagine that.

Implied Violins's picture

Yup. And my lake still holds water as well.

Dickweed Wang's picture

LMFAO!!!  Yep . . . to get in mine you have to actually turn a dial with numbers on it and then use a key.  Go figure . . . .

People that put too much faith in high tech are bound to get burned eventually.  A good example of this is a story I recently read that said many universities are actually destroying their original hard copy books and texts once they are scanned and digitized into their databases because they don't want to devote the space (and expense) to store them anymore.  Idiots . . . .

techpriest's picture

If they are going through the trouble, at least they could reprint the books onto archive-quality material, and then store them in some sort of vault.

Personally, when I get to where I want to get, I want to develop some millennium-scale archive material, write down the great works of this era (Mises, CS Lewis, etc.), and put them in a time capsule. The idiot SJWs are going to burn down our society, but we need the right ideas so the survivors can rebuild.

peddling-fiction's picture

Save a copy of Wikipedia as evidence as well.

swmnguy's picture

No Shit!  My last year of college would have been 1985.  The small state school I went to converted their card catalogue to a computer system that year, and stopped maintaining their card catalogue system.  It was a total shitshow.  They lost so many books and documents, in a small library as college libraries go, it was unbelievable.  Not to mention a card catalogue was much more intuitive to browse.  You got to sort what might and might not be relevant, not the dope fiend who wrote up the search mechanism.  Intuitive, non-linear data searching like that can be incredibly rewarding.

It was freaking impossible to do research for papers that year.  That wasn't really the reason for my horrific grades or departure from school sans diploma, but it didn't help.

I can only imagine what will happen when you can't get back in the stacks to look at actual books.  Completely in the hands of programmers at that point.  They're not the right kind of thinkers for that task.

medium giraffe's picture

Right on the back of WH comments yesterday concerning acts of war and the need for a new cyber strategy.

I'm sure it's just a coincidence.

booboo's picture

"We have only one option Mr President, nuke ourselves"

Jim in MN's picture

"We have to nuke....our Snapchat."

kliguy38's picture

This is just a test.......this is just a test

MANvsMACHINE's picture

I will have to search the bottom of the lake for my bitcoin.

Badsamm's picture

I wish they would go after the bank holding my car loan

buzzkillb's picture

I saw that in a movie, that was based on a book.

Catahoula's picture

Live by tech, you pay for it sooner or later

Iron head's picture

Good, I want the whole system to crash!