Hackers launch global cyberattack across over 100 countries using leaked NSA tool
Prime Minister confirms international cyberattack but says NHS patient data is safe.
UPDATE: As of 13 May 6.30am GMT, there have been more than 104,118 attacks across the globe according to Malware Tech Blog. The ransomware has encrypted data across nearly 100 countries now including US and South American nations. To track the affected countries and affected locations live follow this real time map.
A security researcher going by the handle malwaretechblog on Twitter was responsible for culling the flow of attacks across the globe. "All of the attacks should be dead by now (from this sample), the infection rate is also dropping to zero due to us killing the malware," MalwareTech told IBTimes UK.
The researcher explained that the possibility of fresh attacks would only arise if cybercriminals updated their malware or created a new sample of the ransomware. You can find out how the attacks were stopped here.
Original story: A large scale ransomware cyberattack which struck dozens of UK hospitals on Friday afternoon (12 May) was part of an international attack hitting at least 74 countries around the world.
The ransomware appeared on NHS computers shortly after midday, informing hospital staff that their files were encrypted and they could only be unlocked again if $300 (£230) worth of bitcoin was handed over. The NHS quickly told hospitals nationwide to shut down their computer networks and switch to pen and paper.
Hours earlier, a similar attack took place on the computer network of Telefonica, the Spanish telecommunications company. It is now understood that at least 74 countries have fallen victim to the global cyberattack.
Cyber security company Kaspersky said: "Currently, we have recorded more than 45,000 attacks of the WannaCry ransomware in 74 countries around the world, mostly in Russia. It's important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher."
According to Malware Hunter Team, cited by the New York Times, hospitals and telecoms companies were among many other institutions affected across Europe, Russia, Asia and beyond. Attacks were reported in England and Scotland, as well as Turkey, Vietnam, the Philippines, Japan and Russia.
Wanna Decryptor
In every instance, it seems computers were hit with the same piece of ransomware, known as Wanna Decryptor, which claims to have encrypted the contents of the affected computer's hard drive. A message asking for a ransom payment of $300 worth of bitcoin is displayed, with the user unable to do anything else.
It is believed the ransomware – dubbed Wanna Decryptor – took advantage of a recently- patched Microsoft Windows vulnerability linked to the US National Security Agency (NSA). The bugs were leaked online in April by a mysterious hacking group called Shadow Brokers.
The NSA hacking exploit, called Eternal Blue, was linked to the global ransomware assault by malware researcher using the name "Kafeine." While this has been patched, those who failed to install the fixes were still vulnerable to attacks of this nature.
Prime Minister Theresa May said in a statement shortly after 7pm: "We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected.
"The National Cyber Security Centre is working closely with NHS Digital to ensure that they support the organisations concerned and that they protect patient safety. And we are not aware of any evidence that patient data has been compromised. Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected."
A statement published by NHS Digital said at least 16 NHS organisations had reported that they have been affected by a ransomware attack.
The statement added: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed.
"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected. Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."
© Copyright IBTimes 2024. All rights reserved.