Effects of ‘preventable’ hacking still rippling across the globe
Officials in nearly 100 countries raced Saturday to contain one of the biggest cybersecurity attacks in recent history, as British doctors were forced to cancel operations, Chinese students were blocked from accessing their graduation theses and passengers at train stations in Germany were greeted by hacked arrival and departure screens.
Companies and organizations around the world potentially faced substantial costs after hackers threatened to keep computers disabled unless victims paid $300 or more in ransom, the latest and most brazen in a type of cyberattack known as “ransomware.”
The malware hit Britain’s beloved but creaky National Health Service particularly hard, causing widespread disruptions and interrupting medical procedures across hospitals in England and Scotland.
The government said 48 of the NHS’s 248 organizations were affected, but by Saturday evening all but six were back to normal.
When asked if the British government paid any ransom, a Downing Street spokesman said Saturday it had not. Amber Rudd, Britain’s home secretary, also advised against others paying ransom.
In Germany, people posted pictures on social media of scheduling screens at train stations displaying the ransomware message. Deutsche Bahn, Germany’s national railway service, tweeted that its train service had not been compromised and that it was working at full speed to solve the problems. According to DPA news agency, Deutsche Bahn’s video surveillance technology also was hit.
Other targets in Europe included Telefónica, the Spanish telecom giant; the French carmaker Renault; and a local authority in Sweden, which said about 70 computers were infected.
It was still unclear Saturday who was behind the sophisticated attack.
“We’re not able to tell you who is behind that attack. That work is still ongoing,” Rudd told the BBC.
She said it had affected “up to 100 countries” and wasn’t specifically targeted at Britain’s NHS.
The attack was notable because it took advantage of a security flaw in Microsoft software found by the National Security Agency for its surveillance tool kit. Files detailing the capability were leaked online last month, though Microsoft, alerted by the NSA to the vulnerability, had sent updates to computers to patch the hole.
Still, countless systems were left vulnerable, either because system administrators failed to apply the patch or because they used outdated software.
It was a jarring reminder of a stubborn reality facing security experts: Companies and other organizations collectively spent US$73 billion on cybersecurity measures in 2016, according to the research firm IDC. Yet systems around the world were crippled by human error — failure to do routine software updates and employees unknowingly clicking on email attachments that contained the malware.
“This was a completely preventable attack — to the extent that organizations have comprehensive patching systems in place,” said Paul Lipman, chief executive of the cybersecurity firm BullGuard. “However, life is never that simple.”
On Friday, Microsoft released additional security updates to Windows and guidelines for consumers and businesses to protect themselves.
It’s possible the malware didn’t spread further because of the enterprising work of a 22-year-old British cybersecurity researcher.
The researcher, whose Twitter handle is @MalwareTechBlog, realized the hackers designed a “kill switch,” which involved a domain name that enabled them to stop the attack from spreading if the victims paid the ransoms. The researcher bought the domain name of the kill switch, and when the site went live, the attack stopped spreading.