Cyber-extortion attack hits dozens of countries
Forces U.K. hospitals to close wards and emergency rooms
NEW YORK — Dozens of countries were hit with a huge cyber-extortion attack on Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.
The attack appeared to exploit a vulnerability that was purportedly identified by the U.S. National Security Agency for its own intelligencegathering purposes and was later leaked to the Internet.
Britain’s national health service was hit hard, with hospitals forced to close wards and emergency rooms. Spain, Portugal and Russia were also struck. Several cybersecurity firms said they had identified the malicious software behind the attack in upward of 60 countries, with Russia apparently the hardest hit.
Public Safety Canada is aware of the global attack, but said it normally does not comment on whether it has received reports of incidents involving Canadian computers.
The Russian Interior Ministry confirmed it was among those that fell victim to the “ransomware” — software that locks up a computer and typically flashes a message demanding payment to release the user’s data.
Mikko Hypponen, chief research officer at Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history.”
Security experts said the attack appeared to be caused by a self-replicating piece of software that takes advantages of vulnerabilities in older versions of Microsoft Windows. It spreads from computer to computer as it finds exposed targets.
Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA as part of its intelligence-gathering.
Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.
Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.
“For so many organizations in the same day to be hit, this is unprecedented,” Wysopal said.
By one security firm’s count, the malware struck at least 74 countries, including the U.S., where its effects seemed muted. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older versions of Windows in use.
Experts said the malware enters companies and organizations when employees click on email attachments, then spreads quickly internally when employees share documents and other files.
Hospitals across Britain found themselves without access to their computers or phone systems. Many cancelled all routine procedures and asked patients not to come to the hospital unless it was an emergency. Doctors’ practices and pharmacies reported similar problems.
Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was cancelled at St. Bartholomew’s Hospital in London.
British Prime Minister Theresa May said there was no evidence patient data had been compromised and added that the attack had not specifically targeted the National Health Service.
Spain took steps to protect critical infrastructure in response to the attack. The government said it was communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.