13 May, 2017
The security holes it exploits were disclosed several weeks ago by The Shadow Brokers, a mysterious group that has published what it says are hacking tools used by the National Security Agency as part of its intelligence-gathering. Russia's interior and emergencies ministries, as well as the country's biggest bank, Sberbank, confirmed they had been targeted. Russia's interior ministry is reported as saying it had "localised the virus" following an "attack on personal computers using Windows operating system".
The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.
Cybersecurity firm Avast identified more than 75,000 ransomware attacks in 99 countries.
The Government and NHS bosses have been facing increasingly urgent questions about whether they could have prevented the crippling cyber attack that caused chaos across the NHS network yesterday.
The researcher, who tweets under the name MalwareTech, registered the domain being used by the ransomware and managed to activate the switch. Computers already affected will not be helped by the solution. "The numbers are extremely low and coming down fast", he said, while cautioning that any change in the original code could lead the worm to flare up again.
The malware is also known as Wana DecryptOr, WannaCryptor or WCRY and uses the file extension .wcry.
Ms Rudd said the United Kingdom was a world leader in cyber security, adding: "So far, all we have seen is patients inconvenienced, some hospitals, some doctors making changes to their daily life".
"The WannaCry ransomware may be exploiting a vulnerability in Server Message Block 1.0 (SMBv1)", US-CERT said.
"I'm watching how far this propagates and when governments get involved", he said.
The National Cyber Security Centre has launched a major operation in response to the attack, which it said targeted "thousands of organisations and individuals". "We are implementing remediation steps as quickly as possible", it said.
"This is not targeted at the NHS, it's a global attack and a number of countries and organisations have been affected", May said, referring to the country's National Health Service.
Germany's national railway says departure and arrival display screens at its stations were affected Friday night, but there was no impact on train services.
Demands were made for payment within three days or the price would be doubled.
British media had reported the previous year that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.
"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email", said Lance Cottrell, chief scientist at the US technology group Ntrepid.
"The key question" to consider is how an attack such as Friday's could originate "from a noncritical system such as email" and then spread to other systems, said Awais Rashid, a professor of software engineering at Lancaster University.
Hospitals in areas across Britain found themselves without access to their computers or phone systems.
"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger", said Kroustek, the Avast analyst.
The National Health Service (NHS) said 16 organisations had been affected by the attack.
Earlier, a number of hospitals across England were forced to divert emergency patients after being hit by a suspected cyber attack.
A number of Spanish firms - including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural - were also affected by the malware attack.
When the ransomware takes over a computer, the attackers are pretty explicit in their demands, Segura said.