Countries around the world braced Monday for the spread of a massive ransomware cyberattack crippling thousands of computers at banks, hospitals and government institutions.
Here’s what we know so far:
WHAT’S THE LATEST?
Computers booting up to start the workweek might continue the spread of “WannaCry,” a ransomware attack where hackers lock down a computer and threaten to delete all its data unless a ransom is paid.
Organizations are scrambling to apply the latest security patch to their computers to prevent the spread of the attack. The ransomware attack has affected more than 200,000 victims in 150 countries, said Rob Wainwright, head of law enforcement agency Europol.
HOW DID THIS HAPPEN?
“WannaCry” first surfaced at 3:24 a.m. ET on Friday, according to Talos, a security research wing of networking giant Cisco.
The ransomware took advantage of a flaw in Microsoft’s Windows operating system. Microsoft had issued a patch on March 14, but many computers hadn’t run the update. Because many of the computers impacted run older Windows systems like XP, Microsoft issued a rare patch for XP, which it had stopped updating more than three years ago.
HOW DID MICROSOFT RESPOND?
In a blog post published Sunday, Microsoft president Brad Smith criticized world leaders for stockpiling vulnerabilities to computer systems.
“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world,” wrote Smith. “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.”
Smith is urging world leaders need to consider following the “same rules applied to weapons in the physical world” for Internet vulnerabilities.
IS IT OVER?
Some organizations around the world will likely wake up to computers infected by the ransomware, causing it to potentially spread even further.
Meanwhile, new versions of the ransomware have reportedly surfaced, including one without the kill switch exploited by a 22-year-old computer security researcher to shut the attack down.
HOW DO I PROTECT MYSELF FROM RANSOMWARE?
Patch your computers. They should have the latest software update. If not, update right away. Patched computers carry a much lower risk of being infected by malware or ransomware than those without an update.
How to protect yourself against ransomware
Other tips: consider installing security software if you don’t have it already, back up your computer to the cloud or external hard drive.