Avast reports that data confirms over 213,000 detections of WanaCrypt0r 2.0 in 112 countries. “We have observed a massive peak in WanaCrypt0r 2.0 (aka WCry) ransomware attacks, with more than 57,000 detections, so far today. According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica.”
The ransomware changes the affected file extension names to “.WNCRY”, so an infected file will look something like: original_name_of_file.jpg.WNCRY, for example. The encrypted files are also marked by the “WANACRY!” string at the beginning of the file.