Several computers at a university in Italy were also randomly targeted in the cyber attack
A global cyber attack using hacking tools
widely believed to have been developed by the US National Security
Agency and leaked online by a group called the Shadow Brokers has
caused chaos around the world.
British
hospitals, the Russian government, German railways and big companies
like FedEx were among those affected on Friday when they were crippled
by the 'ransomware' that rapidly spread across the globe and infected
tens of thousands of computers in 74 countries.
Security
experts say the malicious software behind the onslaught appeared to
exploit a vulnerability in Microsoft Windows that was identified by the
US National Security Agency for its own intelligence-gathering
purposes.
The NSA documents were stolen and then released to the world last month by a mysterious group known as the Shadow Brokers.
The
hackers, who have not come forward to claim responsibility, likely made
it a 'worm', or self spread malware, by exploiting a piece of NSA code
known as Eternal Blue, according to several security experts.
The
Shadow Brokers released Eternal Blue last month as part of a trove of
hacking tools that they said belonged to the US spy agency. It has
stoked fears that the spy agency's powerful cyber weapons had been
stolen and repurposed by hackers with nefarious goals.
The
malicious software was blocking access to computers and demanding
payments of as much as $600 to restore access and scrambling data. It is
thought to have impacted at least 57,000 computers, including machines
in the Russian government.
The NHS has
been hit by a major cyber attack hitting computers, phones and
emergency bleepers in hospitals and GP surgeries - and pop-ups like this
one have appeared demanding a ransom
The
technological meltdown began earlier on Friday afternoon in Britain
when more than 40 NHS organisations including hospitals and GP surgeries
were hit by the virus.
But with the
virus spreading at a rate of five million emails per hour, tens of
thousands of victims have now been reported in more than 74 countries
including the US, Australia, Belgium, France, Germany, Italy and Mexico.
Russia
is thought to have been among the worst hit by the ransomware amid
reports that 1,000 computers in the country's Interior Ministry were
affected, but sources say no information was leaked.
Ministry
spokeswoman Irina Volk told Russian news agencies it had 'recorded a
virus attack on the ministry's personal computers controlled by a
Windows operating system.'
RANSOMWARE: THE CYBER ATTACK THAT CRIPPLED THE WORLD
What is ransomware?
Ransomware is a type of malicious software that criminals use to attack computer systems.
Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.
The
aggressive attacks dupe users into clicking on a fake link – whether
it's in an email or on a fake website, causing an infection to corrupt
the computer.
In some instances,
adverts for pornographic website will repeatedly appear on your screen,
while in others, a pop-up will state that a piece of your data will be
destroyed if you don't pay.
In the case of the NHS attack, the ransomware used was called Wanna Decryptor or 'WannaCry' Virus.
What is the WannaCry virus?
The WannaCry virus targets Microsoft's widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When
opened the software tells users that their files have been encrypted
and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
How to protect yourself from ransomware
Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links inside emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities
Leading international shipper FedEx Corp
was among the companies whose Microsoft Corp Windows systems were
affected. They said they were 'implementing remediation steps'.
The
German rail system was also experiencing issues due to the ransomware.
Photos surfaced on social media appeared to show ticketing computers at
train stations having been affected by the cyber attack.
In
Spain, the Telefonica mobile phone network, power firm Iberdrola and
utility provider Gas Natural all suffered from the virus.
Some
big firms in Spain took pre-emptive steps to thwart ransomware attacks
following a warning from the National Cryptology Centre of 'a massive
ransomware attack'.
Iberdrola and Gas
Natural, along with Vodafone's unit in Spain, asked staff to turn off
computers or cut off internet access in case they had been compromised.
Security
teams at large financial services firms and businesses were reviewing
plans for defending like Telefonica get hit is going to get
everybody worried.against cyber attacks, according to executives with
private cyber security firms.Chris
Wysopal, chief technology officer with cyber security firm Veracode,
said: 'Seeing a large telco
'Now ransomware is affecting larger companies with more sophisticated security operations.'
The German rail system was also
experiencing issues due to the ransomware. Photos surfaced on social
media showing ticket machines at train stations having been affected. dailymail
Computer expert Lauri Love, who is facing
extradition to the US over the alleged theft of data from government
computers, said the attack is being powered by a 'top of the range cyber
weapon' used by spies in the US.
'It
appears the cyber attack affected so many computers in the UK in the
NHS and in Spain by taking advantage of a very nasty vulnerability in
Microsoft Windows, which was dumped by hacking group Shadow Brokers who
obtained it from the NSA in America.'
WHO HAS BEEN AFFECTED BY CYBER ATTACK?
The UK's National Health Service: British hospitals and clinics were forced to send patients away and cancel appointments.
Russia:
The country was believed to be among the worst hit when computers in
the interior ministry were hit. Megafon - Russia's second largest phone
network - had also been affected.
German railway stations: Photos surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.
Spanish companies: Telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.
FedEx: The shipping company confirmed they were affected and were implementing remediation steps.
In December last year it
was revealed about 90 per cent of NHS Trusts were still running Windows
XP, two and a half years after Microsoft stopped supporting the system.
Citrix,
an American software company, sent a Freedom of Information request to
63 NHS Trusts, 42 of which responded. It revealed that 24 Trusts were
unsure when they would even upgrade, The Inquirer reported.
Windows
XP was released more than 15 years ago and is now particularly
vulnerable to viruses. Microsoft stopped providing virus warnings for
the ageing Windows XP in 2015.
A number of UK hospitals continue to run
the outdated software, including East Sussex, Sheffield's Children's
hospital and Guy's and St Thomas' NHS Trust.
Hours
after news of the cyber attacks broke, a Microsoft spokesman revealed
that customers who were running the company's free antivirus software
and who had enabled Windows updates were 'protected' from the attack.
It raises questions about why NHS computers using the operating system were not shielded from the ransomware.
The
spokesman said: 'Today our engineers added detection and protection
against new malicious software known as Ransom:Win32.WannaCrypt.
'In March, we provided a security update which provides additional protections against this potential attack.
'Those who are running our free antivirus software and have Windows updates enabled, are protected.
'We are working with customers to provide additional assistance.'
One
message circulated online claims the hackers demand 300 US dollars
(£230) in the virtual currency bitcoins to relinquish control of their
IT systems.
The pop-up contains a
countdown clock with a deadline of next Friday. At least 10 payments of
around USD$ 300 have been made to Bitcoin accounts that the hackers have
asked to be paid on Friday.
But,
although all Bitcoin transactions are public, we cannot see who made the
payments so cannot know if they have been made by anyone in the NHS.
'Non
urgent' appointments and operations were postponed across the UK and
some hospitals diverted ambulances to neighbouring ones to ensure
patient safety.
Computer systems were
switched off or immobilised and key services including the bleeper
system for doctors were also believed to be down.
In
the minutes after the attack one doctor in the UK tweeted: 'Massive NHS
hack cyber attack today. Hospital in shut down. Thanks for delaying
emergency patient care & endangering lives. A******s'.
NHS
Digital, which is responsible for the health service's cyber security,
says computer systems are believed to have been hit by a ransomware
cyber attack using malware called 'Wanna Decryptor'. Three hospitals in
America were hit in the same way last year.
Ransomware: How do hackers take your data hostage?
The National Cyber Security Centre is investigating and is working with Britain's FBI - the National Crime Agency.
GP
surgeries hit in the attack say their phones went down and patients
should avoid calling unless 'absolutely necessary' and doctors were back
to using pen and paper in some areas.
Explaining
the fallout, one doctor said in a message shared on Twitter: 'So our
hospital is down. We got a message saying your computers are now under
their control and pay a certain amount of money. And now everything is
gone.'
A screenshot obtained by the
Health Service Journal (HSJ) purported to show the pop-up that appeared
on at least one of the computers affected.
It said: 'Your important files are
encrypted. Maybe you are busy looking for a way to recover your files,
but do not waste your time.
'Nobody can recover your files without our decryption service.'
It goes on to demand payment, otherwise the files will be deleted. It gives a deadline of next Friday afternoon, May 19, to pay.
The
HSJ said services affected were thought include archiving systems for
X-rays, pathology test results, phone and bleep systems, and patient
admin systems.
Blackpool Victoria Hospital is one of many across the country hit - operations have been cancelled and ambulances diverted.
dailymail
Barts NHS Trust in east
London said they are treating it as a 'major incident' to ensure they
can 'maintain the safety and welfare of patients'.
A spokesman said: 'We are experiencing a major IT disruption and there are delays at all of our hospitals.
'Ambulances
are being diverted to neighbouring hospitals. The problem is also
affecting the switchboard at Newham hospital but direct line phones are
working. All our staff are working hard to minimise the impact and we
will post regular updates on the website'.
Fylde
and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and
North Hertfordshire NHS Trust and Derbyshire Community Health Services
NHS Trust have admitted having problems. Colchester University Hospitals
Trust is also a victim as is neighbouring Chelmsford in Essex.
York
Teaching Hospital NHS Foundation Trust which runs York and Scarborough
hospitals has confirmed its computers have been affected by the
widespread attack.
They have urged people to be patient and avoid calling GP surgeries and hospitals unless 'absolutely necessary'.
NHS
Merseyside said: 'Following a suspected national cyber attack we are
taking all precautionary measures possible to protect our local NHS
systems and services'. dailymail
Post a Comment Blogger Facebook Disqus