'Ransomware' attack strikes worldwide targets
May 13, 2017
The "ransomware" cyberattack that disrupted several hospitals across the UK on Friday was revealed to be part of a large-scale global attack, with reports suggesting that there were some 50,000 more similar incidents in dozens of countries.
Another high-profile target to be hit with the malicious malware was Russia's interior ministry, which reported that roughly 1,000 of its computers had been infected. Interior ministry spokeswoman Irina Volk said in a statement that the ministry's servers had not been impacted by the malware.
Cybersecurity company Kaspersky Lab published on Twitter an image with countries targeted by the attack, with Russia, Ukraine and India among the hardest hit.
The US Department of Homeland Security said that it has shared information with domestic and international partners. However, it did not confirm whether government computers had been affected by the malware.
Both Britain's National Cyber Security Center and Spain's National Center for the Protection of Critical Infrastructure said they were working with companies hit by or potentially targeted by the attack.
The Spanish telecommunications giant Telefonica, which owns the German mobile network providers O2 and E-Plus, was also hit by the attack. A spokesperson for the firm said that attack had only targeted computers on its internal network and had not affected customers.
Britain's National Health Service (NHS), however, experienced major delays, with a number of hospitals and surgeries even turning away patients and forcing ambulances to divert to neighboring hospitals. The Health Service Journal reported that X-ray imaging systems, pathology test results and patient administration systems were all affected.
Read more: How our household devices get hacked and join zombie bot networks in DDoS attacks
NHS Digital, the health service's IT division, said it could not yet determine whether patient records had been accessed or compromised.
In Germany, rail operator Deutsche Bahn said destination boards at several train stations had been infected but that transportation had not been impacted.
Systems held for ransom
Ransomware is a malicious software that locks up a machine by encrypting its files and data. Users have to pay a ransom fee within a set period of time.
The particular malware that spread on Friday was identified as a type referred to as "Wanna Cry" or "Wanna Decryptor."
The malware is believed to exploit vulnerabilities exposed in documents leaked from the US National Security Agency.
NHS staff posted pictures on social media of their computer screens displaying the message, "Oops, your files have been encrypted!" and image demanding a payment of $300 (275 euros) in the virtual currency bitcoin to recover the files.
Payment is demanded in three days or the price is doubled. After seven days it threatens to delete all files.
Worldwide reach
Read more: Android smartphones hit by 'largest account breach to date'
Jakub Kroustek of the Czech Republic-based cyber security software company Avast, wrote in a company blog post that he had logged 57,000 detections of the malware. "According to our data, the ransomware is mainly being targeted to Russia, Ukraine and Taiwan, but the ransomware has successfully infected major institutions, like hospitals across England and Spanish telecommunications company, Telefonica," he said.
While reports worldwide of ransomware attacks have been rising, hospitals have been especially vulnerable. In 2016, the Hollywood Presbyterian Medical Center in California revealed that it had been forced to pay hackers a $17,000 ransom to regain access to its IT systems.
Several hospitals in Germany also came under attack by ransomware last year, although most of them reportedly had their file systems backed up.
Britain's NHS, meanwhile, has for years faced major budget issues and is running an enormous IT system, many aspects of which are outdated, making it an ideal target for hackers and blackmailers.
cw/dm/kl (Reuters, AP, dpa)