When a virus called Lexicon pharmaceutical launched a global ransomware campaign last month, the threat was felt far and wide.
The company, which is headquartered in Switzerland, said the malware targeted thousands of US consumers and businesses, including movie theaters and health care providers.
Now, a cybersecurity firm says it found more than 70,000 infected machines in the US, including in the state of Texas.
Researchers at Symantec say the ransomware is also spreading across other countries, including Germany, the UK, Japan and Italy.
“We don’t have any information at this time about any other affected countries,” Symantec said in a statement.
The firm says that while Lexicon’s infection rate is very low, it is likely to increase if its operators continue to spread the ransomware.
The ransomware campaign was dubbed the Lexican ransomware and infected thousands of computers.
The attackers demanded a ransom of $20,000 in bitcoin to get the machines back.
The ransom has since been raised to $100,000, according to Symantec.
Symantec CEO John Dargle said the ransom was “an extraordinary demand” for the machines.
The group that sent the ransomware demanded $10,000 for each infected machine.
“This demand is outrageous, but is likely the highest ransom we’ve ever seen,” Dargle said.
“It’s hard to imagine that any other ransomware group would ask that kind of a sum of money for such a massive amount of machines.”
The cybercriminals demanded the ransom in bitcoin because it was the only payment method available.
The payment was reportedly made through PayPal; Symantec said it does not know how many people are using its service.
A Symantec spokesperson told Reuters that the ransomware was likely part of a multi-stage attack, which was designed to infect a computer and then infect other computers and users.
“If we get the ransom, the ransomware will be suspended until we get that money back,” Dargle said.
The first stage of the attack is similar to ransomware that has infected computers in the UK.
It encrypts files on a victim’s hard drive, then demands a ransom in exchange for them to stop using the system.
The second stage is similar, but it targets people in a business or government organization.
The third stage is more sophisticated and encrypts all files on the target computer, including sensitive data such as bank account information and credit card information.
Symantec said the attack has affected more than 4.5 million machines in about 90 countries.
The US is not among the affected countries.
Symantec says it has detected that about 60% of the machines are infected.
“These attacks are happening on a worldwide scale and are impacting more than a million people,” Dargle said.
But, he noted, it’s important to note that this is just the first wave.
“In the coming days, we will be launching a global campaign to get as many machines back up and running as quickly as possible,” Dargle said, adding that “we expect to have a lot more of these attacks in the future.”
The company said the ransomware attacks were taking place mainly in Germany, Italy and Japan.