Global cyber attack with nearly 100 countries hit
Russian cybersecurity company claims that nearly 100 countries and at least 50,000 computers have been hit in cyber attack; UK prime minister acknowledged that Friday's malware attack, which caused a shutdown of 16 major UK hospitals, was part of a larger cyber attack.
Russian multinational cybersecurity and anti-virus provider Kaspersky Lab claimed Friday that tens of thousands of computers in nearly 100 countries have been hit in the cyber attack earlier this week in hospitals in the UK. According to the New York Times, the attack was carried out through hacking software leaked to the Web by a group that calls itself Shadow Brokers, which last year distributed hacking tools stolen from the US National Security Agency (NSA).
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Asian countries reported no major breaches on Saturday, but officials in the region were scrambling to check and the full extent of the damage may not be known for some time.
China's official Xinhua news agency said some secondary schools and universities had been affected, without specifying how many or identifying them.
The malware company MalwareHunterTeam, which tracks ransom attacks, said most of the computers affected in the attack were in Russia, and it appears that in most of the affected countries, most of the computers attacked were blocked by ransom software.
Microsoft released a security update last March following leaked hackers, but the hackers took advantage of the fact that vulnerable institutions, especially hospitals, had not yet installed the update on their systems.
Microsoft put out a statement following the attack, saying that costumers who are running free antivirus software and have Windows updates enabled are protected from ransomware.
British Prime Minister Theresa May issued a statement Friday, saying that the cyberattack that has crippled some UK hospitals is part of a wider international attack.
"This was not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected," May said.
"We're aware that a number of NHS (National Health Service) organisations have reported that they've suffered from a ransomware attack," May said. "We're not aware of any evidence that patient data has been compromised."
May stressed that there is no evidence that patient data has been compromised.
Hospitals across the country have been hit by a "ransomware" attack that froze computers, shutting wards, closing emergency rooms and bringing treatment to a halt. The infected computer screens demand payment for the data to be released.
Similar widespread attacks have been reported in Spain and other countries.
Spain, which announced earlier Friday that several Spanish companies were hit by a cyber attack, has activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers targeted in ransomware cyberattacks. Spain's Telefonica was among the companies hit.
The National Center for the Protection of Critical Infrastructure in Spain said Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack even if basic services had not suffered any disruption.
The Spanish Ministry of Energy, Tourism and Digital Agenda says the attack Friday affected the Windows operating system of employees' computers in several companies. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.
A top Russian mobile operator says it has come under cyberattacks that appeared similar to those that have crippled some UK hospitals.
Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russia. He said that mobile communications haven't been affected. Lidov said that the attack involved demands of payment of $300 worth to free up the system.
He added that the company managed to restore the work of its call center but closed most of its offices for the day. Some Russian media also have reported cyberattacks on the Interior Ministry and the Investigative Committee. The committee, the nation's top investigative agency, has rejected the claim.
Romania's intelligence service says it has intercepted an attempted cyberattack on a government institution which it said likely came from cybercriminal group APT28 also known as Fancy Bear.
Cyberint, subordinated to the Romanian Intelligence Service, said Friday it thwarted a cyberattack to a government institution, without
saying when it occurred, following notification from NATO and the Romanian foreign intelligence agency. The Foreign Ministry did not confirm whether it was the institution in question.
The statement said "due to the efficient cooperation between the institutions, the attack was prevented as were damages, as the targets were identified as well as the methodology of the attack," adding that "Romania is no exception."
Meanwhile in Britain, NHS Digital, which oversees hospital cybersecurity, said the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.
NHS Digital says the attack "was not specifically targeted at the NHS and is affecting organizations from across a range of sectors."
The attack is causing canceled procedures and appointments at hospitals across England. NHS Digital says 16 NHS organizations report being hit.
A spokesman for the European Union's police agency, Europol, says Britain and Spain have asked for its support as they investigate the ransomware cyberattacks in those countries.
The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.
In a tweet, Europol Director Rob Wainwright said the cyberattack on British health care institutions "follows trend from US of ransomware attacks on health care trusts."
