in March. Ransomware is no longer just a nuisance. Now it's quite literally a matter of life and death. A massive ransomware attack being labeled as "WannaCry" has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica.
The WannaCry attack is not a zero-day flaw, but rather is based on an exploit that Microsoft patched with its MS17-010 advisory on March 14 in the SMB Server. However, Microsoft did not highlight the SMB flaw until April 14, when a hacker group known as the Shadow Brokers released a set of exploits, allegedly stolen from the U.S. National Security Agency. SMB, or Server Message Block, is a critical protocol used by Windows to enable file and folder sharing. It's also the protocol that today's WannaCry attack is exploiting to rapidly spread from one host to the next around the world, literally at the speed of light. The attack is what is known as a worm, "slithering" from one host to the next on connected networks.
Among the first large organizations to be impacted by WannaCry is The National Health Service in the UK, which has publicly confirmed that it was attacked by the Wanna Decryptor. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors," the NHS stated. "At this stage we do not have any evidence that patient data has been accessed." Security firm Kaspersky Lab reported that by 2:30 p.m. ET May 12 it had already seen more than 45,000 WannaCry attacks in 74 countries.
While the ransomware attack is making use of the SMB vulnerability to spread, the encryption of files is done by the Wanna Decryptor attack that seeks out all files on a victim's network. Once the ransomware has completed encrypting files, victims are presented with a screen demanding a ransom. Initially, the ransom requested was reported to be $300 worth of Bitcoin, according to Kaspersky Lab. "Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted," the ransom note states. "Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service." It's not clear who the original source of the global WannaCry attacks is at this point, or even if it's a single threat actor or multiple actors. What is clear is that despite the fact that a software patch has been available since March for the SMB flaws, WannaCry is using tens of thousands of organizations that didn't patch.
Islamic State supporters are warning one another of malware targeting the militant group through the chat app Telegram. One member on a popular ISIS forum alerted users to plus_gram.apk, a trojanized RAT (a remote access tool disguised as harmless software) that allows an attacker to spy on and take full control of the target's Android device. The ISIS supporter used malware analysis at NVISIO, a popular free platform to test Android software for malicious code. The warning was first spotted and described by @switch_d, a veteran ISIS watcher. This attack arrives as a phishing link disguised as an invitation to a video chat, according to the warning, a tactic ISIS supporters have fallen victim to in the past. The responses to the warning include a thanks and common-sense guidance to "only accept files from brothers you know". This malware runs in multiple stages, Khalil Sehnaoui, a Middle East-based cybersecurity specialist and founder of Krypton Security, told CyberScoop. "The exploit code is usually small and after successful exploitation it runs a dropper code which will in turn download new applications/malware in order to get more control of the system by escalating privileges".
Researchers at security vendor Check Point have warned of a ransomware attack targeting HR departments. This attack is currently targeted at German-speaking companies and pretends to be a job application. Researchers say that the email comes with two attachments: a covering letter, which is a standard PDF, and an Excel file containing the GoldenEye variant of the Petya ransomware. According to the blog, when the user opens the Excel file: "It contains a picture of a flower with the word 'Loading…' underneath, and a text in German asking the victim to enable content so that the macros can run". Once enabled, the macros begin encrypting the local user files before displaying the ransom note: "YOUR_FILES_ARE_ENCRYPTED.TXT". The computer is then rebooted and GoldenEye begins encrypting the entire hard disk. Eventually the user is presented with a message telling them they are infected with the GoldenEye ransomware. They are asked to download the Tor Browser and pay a ransom of at least 1.3 Bitcoin (BTC). The surge in value for Bitcoin at the end of 2016 has driven the price up. As of today the price of a single Bitcoin is $1,148, meaning that unlocking the computer will cost the user almost $1,500. Interestingly, the researchers believe that the malware owner is trying to get around $1,000 per victim. This means that with the fluctuation in the price of BTC they will have to keep adjusting their ransom demands.