Update: Microsoft has issued a security patch to address the vulnerability exploited by the ransomware attack. The patch (MS17-010) addresses how Microsoft Server Message Block 1.0 (SMBv1) servers handle specific requests that allow remote code execution on compromised systesms.

Microsoft has rated the patch critical and has made it available for machines running Windows Vista, Windows 7, Windows 8.1, Windows RT, Windows 10 and Windows Server versions 2008, 2012 and 2016.

Telefonica, one of the largest telecommunications companies in Spain, was hit by a cyberattack Friday that left hundreds of the company’s computers inaccessible because of a ransomware outbreak.

According to the Spanish newspaper El Mundo, a malware variant is widespread throughout the company’s systems and the IT staff has urged employees to shut down their computers and network connections in order to limit the reach of the attack.

Read: NHS England Cyberattack: Hospitals Throughout UK Hit By Ransomware

An account from within Telefonica provided to Bleeping Computer said the company has already sent several internal memos telling employees to disconnect from the company’s Wi-Fi network. Audio warnings were also played over speakers inside the company headquarters in Madrid warning workers to shut down their machines.

The attack appears to be the work of a strain of ransomware known as “Wanna Decryptor,” otherwise known as WannaCry and WCry. First discovered in February of this year, the attack has been wreaking havoc on a number of computer systems recently.

In most ransomware attacks, the malicious program will encrypt the files on a machine or create an encrypted backup of files and delete the originals in order to prevent any sort of system restore. The ransoms often come with deadlines and if the fee is not paid by the time set, the files are deleted permanently.

In the case of Wanna Decryptor, the apparent malware variant affecting Telefonica, the attack encrypts files on one machine and spreads itself throughout a network. The ransomware demands $300 paid in bitcoin before it will decrypt the files it holds hostage.

Jakub Kroustek, the Team Lead for cybersecurity firm Avast’s Threat Lab, said there have been more than 36,000 detections of the Wanna Decryptor identified thus far. Most of the attacks have targeted Russia, Ukraine and Taiwan, although high-profile attacks have hit high-profile targets including National Health Service (NHS) hospitals throughout England.

Read: Cyberattacks: Phishing, Ransomware Attacks Rose In 2016, Symantec Reports

“The financial impact of the attack on Telefonica should be significant, and goes far beyond the ransom being demanded,” Kroustek said in a statement provided to International Business Times, noting that about 85 percent of the company’s computers have been infected and employees have been sent home.

“It should not take Telefonica long to remove the ransomware, but if Telefonica has not recently backed-up employee files, it could take a while before they are recovered, if they were encrypted by the ransomware,” Kroustek said.

While not much is known about the apparently widespread attack using Wanna Decryptor, it is believed the ransomware has primarily been spread through phishing email attacks. Kroustek drew parallels to the Wanna Decryptor attacks and recent exploits of Microsoft Office and Google Docs that have hit individuals and businesses.

“This attack once again proves that ransomware is a powerful weapon that can be used against consumers and businesses alike,” he said.

RELATED STORIES
United kingdom Ukraine Russia Malware