But unlike other ransomware, Wana Decryptor has been built to spread quickly. It does so by incorporating a hacking tool that security researchers suspect came from the NSA and was leaked online last month.
The hacking tool, dubbed EternalBlue, can make it easy to hijack unpatched older Windows machines. Once Wana Decryptor has infected the first machine, it’ll attempt to spread to other machines on the same local network. Then it will scan the internet for vulnerable machines.
“It creates a snowball-like effect,” Segura said. “A few machines will be infected, then it’ll try to contact more.”
Security firm Avast said it had detected more than 75,000 attacks in 99 countries, with Russia, Ukraine and Taiwan among the hardest-hit countries. The U.K.’s National Health Service was one of the biggest organizations hit by the ransomware.
The ransomware was designed to work in numerous languages, including English, Chinese and Spanish, with ransom notes in each.
Segura advised victims not to pay the ransom because it encourages the hackers. Instead, he says they should wait for next few days as security researchers study the ransomware’s coding and try to come up with free ways to solve the infection.
On Friday, Microsoft said users will be protected from the ransomware if they’re running the company’s free antivirus software or have installed the latest patches.
Sign up for CIO Asia eNewsletters.