This one worked because of a "perfect storm" of conditions, including a known and highly unsafe security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business or government networks.
Information technology experts warned about a potential second wave of Wanna Decryptor (WannaCry) ransomware attacks, which hit 200,000 computer users in over 150 countries.
Microsoft says government hoarding of hacking tools is partly to blame for the cyberattacks that crippled computer systems around the world on Friday.
The most disruptive attacks were reported in the United Kingdom, where hospitals and clinics were forced to turn away patients after losing access to computers. The ransomware is a type of malicious software that infects a computer and restricts users' access to it until a ransom is paid to unlock it.
Experts said it appeared that the ransomware had made just over $32,000, although they expected that number to pop when people went back into the office Monday. For companies, it's a combination of reasons, from ignorance to security just not being a priority. One of the leaked exploits was known as EternalBlue. That program spread much more quickly than expected, soon choking and crashing machines across the internet. "Computers with current operating systems, such as Mac, won't be affected".
So criminals turned to targeted attacks instead to stay below the radar.
Consumers who have up-to-date software are protected from this ransomware.
The attack is unique, according to Wainwright, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.
Since security professionals typically focus on building walls to block hackers from entering, security tends to be less rigorous inside the network.
Edward Snowden, the whistleblower who exposed the broad scope of NSA surveillance in 2013, tweeted, "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened".
Major global companies said they also came under attack. But they could still linger as low-grade infections that flare up from time to time.
This article first appeared on MyBroadband and is republished with permission.
Security officials in Britain urged organizations to protect themselves by installing the security fixes, running antivirus software and backing up data elsewhere.
Chinese media reported that more than 29,000 institutions in the country had been hit, with universities and other educational entities the hardest hit, along with railway services and retailers.
WannaCry locks up computers, encrypts their data, and demands large Bitcoin payments, which begin at $300 and rise to $600 before the software destroys files hours later.
The damage might have been temporarily contained.
He says if a new variant without a so-called kill switch pops up, then organizations will be on their own to prevent it from taking over their computers. Other experts found his claim credible.
"Hopefully people are learning how important it is to apply these patches", said Darien Huss, a senior security research engineer for cybersecurity firm Proofpoint, who helped stem the reach of the weekend attack. "Talk about a wake-up call", Hypponen said.
Two researchers in their 20s had halted the ransomware attack on Saturday after discovering and activating the software's "kill switch".