
Are you aware of the latest ransomware attack?

Asked by imrainmaker (8380 points) May 13th, 2017
9 responses

Here’s the link with details


Answers

imrainmaker

My apologies... It should be “ransomware”. Most hit are Europe, Russia and some Asian countries. America was saved partly because of a stop switch found accidentally by a blogger, as given in the link, which gave some extra time for patching the systems.

LuckyGuy

Does anyone know how it gets in? Do you have to open a suspicious link in an email?
Does it get in if JavaScript is turned off?

chyna

I just heard about it on the news. It affected FedEx in the U.S.

janbb

@LuckyGuy It attacked networks, in my understanding, not personal computers. A large portion of the hospitals in the UK were affected.

Soubresaut

I read it gets in by getting someone to click on a .zip file attached to an email.

I also read that it was hitting older Windows OS, and that Microsoft has released patches for them (so everybody update!) ... Okay, here’s an article that seems to give a reasonable overview of the attack.

Love_my_doggie

I heard something about this on the morning news. It’s mostly affecting people in Russia and China. But, of course, electronic malice can spread with astounding speed.

A few years ago, my computer became infected by CryptoLocker. What a nightmare!

johnpowell

It was actually spread through a few methods. First being your common one from people clicking stuff. But here is the really bad thing. It was using an exploit in SMB, which basically means it could spread through a network with absolutely no user interaction. That is how it was taking down entire institutions.

And if you are concerned, running Windows Update will patch the vuln.

johnpowell

And I want to add a few things...

CNN and others have made the dude that stopped this out as some lucky fool (they have started fixing this). He is actually a top-notch security guy.

Thing two. This was stopped by the payload checking if a domain name existed. If it did not exist it would fuck your computer. If it did exist it would not fuck your computer. I don’t really get the logic of taking this approach.

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

For more info.

And here is the domain the malware was going to connect to and the guy bought.

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

LuckyGuy

The guy is a hero!
You can be sure the next generation payload will not have this flaw. It will likely vary the domain name.
