Log in, look out: Cyber chaos spreads with workweek's start

Claudine Rigal
May 16, 2017

A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines down and patients turned away.

More than 200,000 people around the world have been affected by the malware, Jake Cigainero reports for NPR's Newscast.

Before the Shadow Brokers leak occurred, Microsoft had issued a fix for the vulnerability that hackers capitalized upon Friday, which experts have said suggests that the NSA may have tipped the company off about the impending leak.

The security researcher, known by the pseudonym MalwareTech, had taken a week off work, but said he made a decision to investigate the ransomware after hearing about the global cyber-attack and spent the last 24 hours working on it.

The MalwareTech researcher agreed that the threat hasn't disappeared.

The head of Turkey's Information and Communication Technologies Authority, or BTK, says the nation was among those affected by the ransomware attack. The malware apparently only worked so long as the domain was unclaimed.

The researcher wrote a blog post detailing the creation of a new domain as a "sinkhole" for the ransomware.

"Because WannaCrypt used a single hardcoded domain, my registartion [sic] of it caused all infections globally to believe they were inside a sandbox and exit... thus we initially unintentionally prevented the spread and further ransoming of computers infected with this malware".

"This sinkholed domain has prevented further infections occurring and has already resulted in preventing over 100,000 potential infections".

On social media, students complained about not being able to access their work, and people in various cities said they hadn't been able to take their driving tests over the weekend because some local traffic police systems were down. The attack combined a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and a software design that allowed the malware to spread quickly once inside university, business and government networks. Microsoft swiftly released software "patches" to fix those holes, but many users still haven't installed updates or still use older versions of Windows.

That prediction seemed to be borne out Sunday.

A security researcher who goes by the name MalwareTech has activated a sort of kill-switch in WannaCry that stops it from spreading.

Though the ransomware continued to spread at a more subdued pace on Monday, many companies and government agencies were still struggling to recover from the first attack.

Germany's national railway said Saturday departure and arrival display screens at its train stations were affected, but there was no impact on actual train services.

French carmaker Renault's assembly plant in Slovenia halted production after it was targeted.

United Kingdom politicians are harnessing the attacks to criticize the U.K.'s Conservative Party of Prime Minister Theresa May, which made cuts to the NHS system, Willem Marx reports for NPR's Newscast unit.

The NSA and other spy agencies look for software vulnerabilities and then build tools to target and exploit them.

CrowdStrike's vice president of intelligence Adam Meyers told Forbes that the initial spread of WannaCry was coming through spam, in which fake invoices, job offers and other lures are being sent out to random email addresses.

"It was essentially an indiscriminate attack across the world", Europol director Rob Wainwright said. The average ransom request is $500, IBM found.

Bambenek and other researchers have called for the US government to be more forthcoming with its hacking methods.

In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.

"Today, it happened to 10,000 computers", Eisen said.
