PARIS - An aggressive wave of cyberattacks has hit companies and public institutions around the globe, causing international havoc and bringing many services to a standstill. The cyberextortion attempt appeared to use stolen software developed by a U.S. spy agency.
One of the first and worst attacks was aimed at Britain’s National Health Service. A wave of crippling ransomware hit dozens of hospitals across the country Friday, prompting the NHS to declare a “major incident.” Some hospitals diverted ambulances and canceled surgeries as a result of the attack, which blocked doctors’ access to patients’ files.
Ransomware is a type of computer malware, software that has a malevolent intent, that infects a target system, locks and encrypts all files, and then demands a cash payment from the victim in return for reversing the encryption.
A researcher at the Finnish cybersecurity company F-Secure said Friday’s apparently coordinated attacks were “the biggest ransomware outbreak in history,” The Associated Press reported. An analyst at another cybersecurity firm, Veracode, said the rapid spread of attacks pointed to the involvement of criminal organizations.
45,000 attacks in 74 countries
The international cybersecurity firm Kaspersky Labs, based in Russia, said it recorded 45,000 attacks in 74 countries. The worst hit by far was Russia, with serious problems also reported by computer networks in Taiwan, India and Ukraine.
The Russian Interior Ministry, which oversees police throughout the world’s largest country, at first denied it had been hacked, but later admitted about a thousand of its computers had been penetrated.
There was no immediate word on who carried out the cyberattacks, and it was not known whether any of the victims paid any ransom Friday.
The demands reportedly were for relatively trivial sums — the equivalent of $300, paid in bitcoin, a digital currency. But in past attacks, the payment demands multiplied to much larger sums in short order. Bitcoin payments can be difficult if not impossible to trace.
The ransomware used Friday was labeled with various names — WannaCryptOr, WannaCry or WCry — but all appeared to operate in a similar way. They gained entry to targeted computer systems by exploiting a vulnerability in Microsoft computer operating systems that was discovered and developed by the U.S. National Security Agency.
The security hole, known as “EternalBlue,” was stolen from U.S. government computers and disclosed on the internet earlier this year by a group known as TheShadowBrokers.
Microsoft fixed problem in March
Microsoft issued software patches to close the vulnerability in its operating systems two months ago, but many computer systems around the world have not yet been updated, or instead rely on older equipment that remains vulnerable to attack.
Security experts said the ransomware encountered Friday is a self-replicating piece of software that spreads from computer to computer as it finds systems that have not been shielded from intrusion. The malware enters large organizations’ computer networks, such as those at British hospitals, when an employee clicks on an innocent-appearing attachment to open the file, and thus releases the ransomware.
British Prime Minister Theresa May said it was clear that her nation’s problems were part of a wider international attack that had many victims.
China also was targeted by the unknown computer hackers, and the U.S. parcel delivery firm FedEx said its operations were hit. In Spain, telecommunications giant Telefónica was one of the early victims, and employees of MegaFon, one of the largest cellphone companies in Russia, said they also were hit.
NSA technique used
Computer experts said the ransomware did not to appear to be very sophisticated, but the way in which it spread, using the intrusion technique developed by NSA, clearly was. They noted the ransom demands that flashed onto users’ screens were in dozens of languages, indicating the attack had been well planned and coordinated.
Ransomware attacks and other computer intrusions, such as the hacking incident that unfolded in France last week on the eve of that country’s presidential election, are on the rise throughout the world.
Last year, a hospital in Los Angeles, California, said it paid a $17,000 ransom to regain control of its computers from hackers.