Attackers are demanding $300 in Bitcoin as part of the ransomware attack. (Bigstock Photo)

A global ransomware cyberattack that began Friday morning has now reached 75,000 attacks in 99 countries, according to cybersecurity company Avast. Ransomware is malicious code that locks down computers and files until users pay a ransom.

The attack is mostly focused on Russia, Ukraine and Taiwan, but it also affected hospitals within the U.K.’s National Health Service, Spanish telecommunications company Telefonica, and many governments around the world.

The ransomware is known as WannaCry, and many outlets are reporting that it took advantage of a vulnerability in Windows that Microsoft patched earlier this year. A group called Shadow Brokers leaked stolen hacking tools used by an organization tied to the National Security Agency, and Avast contends that these tools were likely used in the ransomware attack.

The “Wana Decrypt0r 2.0” window gives instructions on how to unlock files on infected computers.

Windows users who haven’t updated their systems since the patch became available remain at risk in this attack.

When a victim is hit by the ransomware, file extensions are changed to read “.WNCRY”. A ransom note is dropped into a text file, and a window titled “Wana Decrypt0r 2.0” pops up. The messages include the ransom demand, $300 in bitcoin, and instructions for recovering files. Along the side of the window are threats including a timeline of when users’ files will be lost and a deadline for an increased ransom price.

Follow-up: Microsoft issues ‘highly unusual’ ransomware patch for XP and other old Windows versions
