It was very widespread and scattergun, and some NHS systems got caught up in it:
NHS cyberattack is 'biggest ransomware outbreak in history'
The NHS cyberattack that hit hospitals across the UK is said to have been part of the biggest ransomware outbreak in history, according to Mikko Hypponen from F-Secure.
Commenting on the news, Hypponen said the Wanna Decryptor attack was unprecedented, while cyber security expert Varun Badwhar said it gave a glimpse of what a "cyber-apocalypse" would look like.
"We've never seen something spread this quickly in a 24-hour period across this many countries and continents," explained Badwhar. "So it's definitely one of those things we've always heard about that could happen and now we're seeing it play out."
The NHS hack is said to be “creeping” across the UK with reports of the ransomware attack hitting a range of other organisations in as many as 99 countries. In a statement, NHS Digital confirmed a number of NHS organisations had been affected by a ransomware attack. “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” a spokesperson said.
http://www.wired.co.uk/article/nhs-cyberattack-ransomware-security
A lot of damage has already been done, but there is one glimmer of sunshine:
'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.
The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.
However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.
The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
Huss simply paid a tenner to buy the domain and made it visible online (pointing to an online honeypot), and the spread stopped.
This doesn't help those already infected, though, nor does it mean that a future outbreak of a variant can be avoided while there are so many unpatched systems out there and people insist on clicking on links in emails they shouldn't.
= new reply since forum marked as read
