An increase in activity of the malware was noticed starting from 8am CET (07:00 GMT) Friday, security software company Avast reported, adding that it “quickly escalated into a massive spreading.”
In a matter of hours, over 57,000 attacks have been detected worldwide, the company said.
— Jakub Kroustek (@JakubKroustek) May 12, 2017
Seventy-four countries around the globe have been affected, with the number of victims still growing, according to the Russian multinational cybersecurity and anti-virus provider, the Kaspersky Lab.
So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.
— Costin Raiu (@craiu) May 12, 2017
The ransomware, known as WanaCrypt0r 2.0, is believed to have infected National Health Service (NHS) hospitals in the UK and Spain’s biggest national telecommunications firm, Telefonica.
— RT UK (@RTUKnews) May 12, 2017
According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan.
The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to “.WNCRY.”
It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.
While the victim’s wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom.
According to the New York Times, citing security experts, the ransomware exploits a “vulnerability that was discovered and developed by the National Security Agency (NSA).” The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.