On Friday we alerted you to a global ransomware campaign a few hours after it started. That campaign has now infected over 10,000 organizations and 200,000 individuals in 150 countries. This includes the UK National Health System which saw ambulances divert from affected hospitals.
On Friday a researcher accidentally stopped the ransomware from spreading by registering a domain that served as a kill switch for the ransomware.
A few hours ago new variants of the WannaCry ransomware started emerging. One of the variants was also stopped today by registering a kill switch domain, the same way the ransomware was stopped on Friday. A second variant is not encrypting infected machines due to an error in programming, but it is spreading.
We expect new variants to emerge all week that continue to exploit the vulnerability in SMB that WannaCry has been using. It is critical that Windows users protect themselves immediately against this threat.