It says the attack hit multiple sites simultaneously. A worker said that the ransomware came through on the computers around 2pm.
This doesn't sound like a spread by phishing or attachment.
How could such an attach be co-ordinated?
I can think of two possibilities:
1) The attack has been spreading over days or weeks with a trigger date for activation.
2) The ransomware has been distributed through the desktop update system.
3) The internal networks are open enough that something worm-y can rapidly spread through bugs in common services (file shares or something like that), once it has infected one internal machine through some other channel.
This doesn't sound like a spread by phishing or attachment.
How could such an attach be co-ordinated?
I can think of two possibilities:
1) The attack has been spreading over days or weeks with a trigger date for activation. 2) The ransomware has been distributed through the desktop update system.
Any other ideas?