Here’s what you need to know about the attack and the virus:
Where Did It Start?
Researchers are still figuring out exactly what happened. But Cisco Talos says one way the ransomware got into computer systems was through software in Ukraine.
A Ukrainian company called MeDoc sent out a compromised update to its tax software that contained the malware, infecting computers that were running it, said Williams, the security expert at Cisco Talos. But the company denied its software spread the infection, saying in a Facebook post that the update was sent out last week and was free of viruses.
How Does It Spread?
Researchers say the virus is a worm that infects networks by moving from computer to computer.
It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft released a patch for the flaw in March, but not all companies have applied it.
What Does It Do?
The virus infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
The email account associated with the ransomware has been blocked, so even if victims pay, they won’t get their files back.
A law enforcement and cyber security expert warns that victims should never pay ransoms for such attacks.
Who Are the Victims?
Top international businesses headquartered in Europe and the U.S. have come under attack. They include Russian oil and gas giant Rosneft, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck and law firm DLA Piper. French retailer Auchan Group and the real estate division of BNP Paribas were also affected.
Ukrainian organizations took a particularly heavy blow. Banks, government offices, the postal service and Kiev’s metro system were experiencing problems, officials said.