Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.
The attacks came in the form of ransomware, a technique used by hackers that locks a user’s files unless they pay the attackers in bitcoin.
The scope of the attacks was not immediately clear, amid varying estimates from security researchers. But the malware was linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and was also spreading in other countries.
The malware’s name is WCry, but analysts were also using variants such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r.
Microsoft released a security patch earlier this year for the flaw, but many systems have yet to be updated, researchers said.
Researcher Costin Raiu of the Russian-based security firm Kaspersky said in a tweet, “So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.”
Jakub Kroustek of Avast said on Twitter the security firm had detected “36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge.”
Kaspersky said the malware was released in April by a hacking group called Shadow Brokers which claimed to have discovered the flaw from the NSA.
In the United States the package delivery giant Fedex acknowledged it was hit by malware after one researcher cited the company as a target.
“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” the company said in a statement.
“We are implementing remediation steps as quickly as possible.”