A massive attack is spreading globally by way of a vulnerability in Microsoft 's Server Message Block that was patched Vulnerability-related.PatchVulnerability in March . Ransomware is no longer just a nuisance . Now it 's quite literally a matter of life and death . A massive ransomware attack Attack.Ransom being labeled as `` WannaCry Attack.Ransom `` has been reported around the world and is responsible for shutting down hospitals in the United Kingdom and encrypting files at Spanish telecom firm Telefonica . The WannaCry attack Attack.Ransom is not a zero-day flaw , but rather is based on an exploit that Microsoft patched Vulnerability-related.PatchVulnerability with its MS17-010 advisory on March 14 in the SMB Server . However , Microsoft did not highlight Vulnerability-related.DiscoverVulnerability the SMB flaw until April 14 , when a hacker group known as the Shadow Brokers released Vulnerability-related.DiscoverVulnerability a set of exploits , allegedly stolen Attack.Databreach from the U.S.National Security Agency . SMB , or Server Message Block , is a critical protocol used by Windows to enable file and folder sharing . It 's also the protocol that today 's WannaCry attack Attack.Ransom is exploiting to rapidly spread from one host to the next around the world , literally at the speed of light . The attack is what is known as a worm , `` slithering '' from one host to the next on connected networks . Among the first large organizations to be impacted by WannaCry is The National Health Service in the UK , which has publicly confirmed that it was attacked Attack.Ransom by the Wan na Decryptor. `` This attack Attack.Ransom was not specifically targeted at the NHS and is affecting organisations from across a range of sectors , '' the NHS stated . `` At this stage we do not have any evidence that patient data has been accessed Attack.Databreach . '' Security firm Kaspersky Lab reported that by 2:30 p.m . ET May 12 it had already seen more than 45,000 WannaCry attacks Attack.Ransom in 74 countries . While the ransomware attack Attack.Ransom is making use of the SMB vulnerability to spread , the encryption of files is done by the Wanna Decryptor attack Attack.Ransom that seeks out all files on a victim 's network . Once the ransomware has completed encrypting files , victims are presented with a screen demanding a ransom Attack.Ransom . Initially , the ransom requested Attack.Ransom was reported to be $ 300 worth of Bitcoin , according to Kaspersky Lab . `` Many of your documents , photos , videos , databases and other files are no longer accessible because they have been encrypted , '' the ransom note states . `` Maybe you are busy looking for a way to recover your files , but do not waste your time . Nobody can recover your files without our decryption service . '' It 's not clear who the original source of the global WannaCry attacks Attack.Ransom is at this point , or even if it 's a single threat actor or multiple actors . What is clear is that despite the fact that a software patch has been available Vulnerability-related.PatchVulnerability since March for the SMB flaws , WannaCry is using tens of thousands of organizations that did n't patch Vulnerability-related.PatchVulnerability .

The ransomware attack Attack.Ransom targeting global hospitals , governments and telecoms using a leaked National Security Agency ( NSA ) exploit may be the result of a `` targeted attack gone horribly wrong '' , according to a team of well-regarded security researchers . Experts from Recorded Future , a threat intelligence company headquartered in the US , say analysis of the hackers ' bitcoin addresses – set up to receive money from infected computers – indicates the attackers were unprepared for such a widespread incident . `` A part of carefully planned large-scale ransomware attack Attack.Ransom requires a separate bitcoin address for each victim , guaranteeing the miscreant controlling the operation would later be able to identify the payment Attack.Ransom and decrypt the correct system , '' wrote security expert John Wetzel in a blog post . He said in the WannaCry ransomware campaign Attack.Ransom , however , only a `` handful '' of wallets were used . `` Such unusual behaviour suggests the current epidemic was never planned by criminals , and resulted from targeted attacks going horribly wrong , '' he added . At the time of writing , the criminals ' bitcoin wallets have received over $ 40,000 worth of bitcoin , a type of cryptocurrency . All funds remain untouched . The security firm said the inaction is likely due to `` intense scrutiny '' of police and investigators . `` Unintended or not , the scale and scope of damage in this attack is unprecedented . Criminals will utilise any method available in their pursuit of monetary gain . While the gain in this attack was limited , the damage was massive , and possibly avoidable , '' Wetzel noted . Recorded Future is just one of many firms probing the malware – which was exploiting the same Microsoft Windows vulnerability as a leaked NSA exploit called EternalBlue . The bug , patched Vulnerability-related.PatchVulnerability in March 2017 , targeted the SMB ( Server Message Block ) , experts found Vulnerability-related.DiscoverVulnerability . Microsoft has been outspoken on the topic of the NSA storing vulnerabilities for its software . `` Repeatedly , exploits in the hands of governments have leaked into the public domain and caused widespread damage , '' said the firm 's president , Brad Smith , on 14 May . `` We expect to see further attacks from variants of this malware , '' warned Recorded Future , adding : `` The best advice is to update your antivirus on endpoints , to ensure that all Windows systems are fully patched Vulnerability-related.PatchVulnerability , to configure firewalls to block access to SMB and RDP ports . '' On 15 May , as the UK working week was set to begin , fears mounted that a second round of infections could take place . According to Kaspersky Lab 's Costin Raiu , the malware was still in circulation , but appeared to be less widespread than previously predicted . `` Kaspersky Lab has noted about 500 new attempted WannaCry attacks Attack.Ransom across its customer base – by comparison , on 12 May ( Friday ) there were six times as many attempts during the first hour alone . This suggests the infection may be coming under control , '' Raiu said . Security experts , including MalwareTech and Matt Suiche , worked through the weekend ( 13-14 May ) to locate so-called `` kill-switches '' that could curb the spread of the ransomware . At the same , law enforcement around the world launched investigations into the incident .