The apparently random attack, called “WannaCry,” hit on Friday and spread like wildfire before a malware researcher identified as Marcus Hutchins was able to halt it temporarily a day later, when worker in many companies weren’t in the offices. That means an untold number of other infected systems could still be waiting to be discovered when people return to work on Monday and fire up their computers.
The malware spreads as a worm, all it takes is for one computer on a network to be infected for all of the computers on that network to be compromised. The malware includes an encryption package that automatically downloads itself to infected computers, locking up nearly all of the machines’ files and demanding payment of $300 to $600 for a key to unlock them.
While Microsoft had stopped supporting older versions of Windows, it said it is pushing out special automatic updates to those systems to block the worm. Even then, Microsoft’s updates can be loaded only if a computer is powered back on — something that won’t happen for the first time at potentially thousands of companies until Monday. Chinese state media reported Monday that more than 29,000 institutions across the country — including universities, railway stations, hospitals and gas stations — had been infected. It cited the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.
Japanese broadcaster NTV reported 600 companies in that country had been hit, and automaker Nissan and the Hitachi conglomerate said they were addressing the problem at their units that were affected. What to do if you’re infected.
You’ll immediately know whether you’re infected — you’ll be greeted by a popup screen saying “Ooops, your important files are encrypted.” The encrypted files will have the extension .WCRY added to their names. The international security firm Kaspersky has a complete list here.
Source : http://www.nbcnews.com/news/us-news/blockbuster-wannacry-malware-could-just-be-getting-started-experts-n759356