A large-scale cyber attack broke out around the world and hackers demanded ransom in Bitcoins!

This Friday, the largest ransomware cyberattack to date swept the world. According to Kaspersky statistics, in the past dozen hours, at least 45,000 Windows computers in 74 countries around the world were infected. The statistics from the antivirus software Avast are even more shocking: the virus has infected at least 57,000 computers worldwide and is still spreading rapidly.

Attacks occurred in important countries such as the United States, China, Japan, Russia, and the United Kingdom, with Russia being the most severely attacked. The attacks on the United Kingdom were mainly concentrated in the National Health Service (NHS), with at least 25 hospitals' computer systems paralyzed and ambulances unable to be dispatched, which is likely to delay patient treatment and cause life-threatening situations.

According to the Financial Times and the New York Times, the virus publisher used the Windows system hacking tool Eternal Blue, which was stolen from the US National Security Agency (NSA) last year , to upgrade a ransomware virus in February this year. Infected Windows users must pay Bitcoin as a ransom within 7 days, otherwise the computer data will be completely deleted and cannot be repaired.

According to foreign media reports, Bitcoin accounts connected to the ransomware have received a lot of money. As the ransom payment also highlights the fact that Bitcoin cannot be tracked by regulators, Bitcoin fell by $121 or 6.6% against the U.S. dollar on Friday, returning to around $1,710. Bitcoin had reached an all-time high of $1,800 on Thursday.

WannaCry ransomware: Pay USD value in Bitcoin as ransom

Windows users should be careful: this ransomware will lure you to click on seemingly normal emails, attachments or files to download and install the virus, which is called "phishing". After installation, the virus will lock the user's computer, change all files to encrypted format, modify the user's desktop background, and pop up a prompt box to inform you how to pay the "ransom".

The following is a screenshot of the virus attack, which contains information such as "What happened to my computer", "How do I repair my files", "How do I pay the ransom", etc. Users can try to repair a very small part of the data as evidence that the virus and the "antidote" are effective.

The virus requires users to pay the equivalent of $300 in Bitcoin within three days of being infected. After three days, the "ransom" will double. If the ransom is not paid within seven days, all computer data will be deleted . For those who cannot pay $300, there is a "humane" special repayment channel for six months. On the left side of the prompt box is a timer, and on the right side are methods for payment and verification of payment effectiveness.

The British NHS officially announced that the ransomware that attacked the system is called WannaCry or Wanna Decryptor. Spanish computer security company Panda Security said that the ransomware has been upgraded to infect all computers in the local area network, and is no longer a single point attack as before.

Microsoft has released a security patch, but users who do not update their systems are harmed

Microsoft said in a statement that the file name of this ransomware is Ransom:Win32.WannaCrypt. Microsoft has provided a system security upgrade patch on March 14 to prevent this virus attack. Users who are currently running Microsoft's free antivirus software and have updated their security packages are not at risk.

However, Microsoft's statement also indirectly confirmed that the attack was really related to the hacking tools of the National Security Agency of the United States, or at least the attack borrowed from the leaked NSA tools. Since last year, a group calling itself Shadow Brokers has published the NSA's hacking programming code for Windows file and printer sharing system vulnerabilities online, but the NSA has never directly admitted it.

CNBC analysis believes that since not every user - even including government agencies - has the habit of regularly upgrading the Windows system, this ransomware virus targeted this loophole, and the hospital system, which was the slowest in upgrading computer systems, was the first to be hit.

Many important commercial institutions around the world have been attacked and the UK has begun investigating

The cyberattack happened just before the UK's June 8 general election, but British Prime Minister May said there is evidence that this is a global cyberattack, not specifically targeting the UK or the UK's medical system. The UK National Cyber ​​Security Center and the National Crime Agency (NCA), the UK's version of the FBI, have begun investigating.

FedEx and the Russian Ministry of Internal Affairs have also stated that they have been attacked, and Spanish telecom giant Telefonica and power company Iberdrola are also said to have been affected. However, there has been no substantial damage such as loss of user data or leakage of commercial secrets.

MalwareTech, a cybersecurity research organization, told industry media The Intercept that such a large-scale cyber attack reminds people of the Conficker worm virus that swept the world in 2008, when at least 9 million computers in nearly 200 countries were infected.