Dozens of countries hit by huge cyberextortion attack – Hospitals across Britain lose access to their computers

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston Clinical Commissioning Group as Britain's National Health Service is investigating "an issue with IT" Friday May 12, 2017. Several British hospitals say they are having major computer problems Hospitals in London, northwest England and other parts of the country are reporting problems with their computer systems as the result of an apparent cyberattack. (@fendifille via AP)

ANICK JESDANUN, JILL LAWLESS and ARITZ PARRA, Associated Press NEW YORK (AP) 05/13 — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

It was believed to the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software, which so far has been responsible for tens of thousands of attacks, in more than 60 countries. That includes the United States, although its effects there didn’t appear to be widespread, at least initially.

The attack infected computers with what is known as “ransomware” — software that locks up the user’s data and flashes a message demanding payment to release it. In the U.S., FedEx reported that its Windows computers were “experiencing interference” from malware, but wouldn’t say if it had been hit by ransomware.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.”

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab. Affected users can restore their files from backups, if they have them, or pay the ransom; otherwise they risk losing their data entirely.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

“For so many organizations in the same day to be hit, this is unprecedented,” he said.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospital unless it was an emergency. Doctors’ practices and pharmacies reported similar problems.

Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was canceled at St. Bartholomew’s Hospital in London.

Tom Griffiths, who was at the hospital for chemotherapy, said several cancer patients had to be sent home because their records or bloodwork couldn’t be accessed.

“Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a health care organization,” he said. “It’s stressful enough for someone going through recovery or treatment for cancer.”

British Prime Minister Theresa May said there was no evidence patient data had been compromised and added that the attack had not specifically targeted the National Health Service.

“It’s an international attack and a number of countries and organizations have been affected,” she said.

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack. Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

Spain’s Telefonica, a global broadband and telecommunications company, was among the companies hit.

Ransomware attacks are on the rise around the world. In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals’ old operating systems and confidential patient information made them an ideal target for blackmailers.

He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed, “IT budgets are often one of the first ones to be reduced.”

“Looking at the trends, it was going to happen,” he said. “I did not expect an attack on this scale. That was a shock.

___

Lawless reported from London. Parra reported from Madrid.

https://www.apnews.com/e8402f2faf934f7ab5419d4961d3dafe/Dozens-of-countries-hit-by-huge-cyberextortion-attack

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Summary

 

Posted in: Crime & Criminals, Cybersecurity/Cybercrime, Data Security/Data Privacy, Extortion, Intelligence Agencies, International Policing, Interpol/Europol, National Security, Theft of Intellectual Property, Victims of Crime

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − 13 =

Terms of Use for Posting Comments

Terms of Use

This site (the “Site”) is operated and maintained by Law Enforcement Education Foundation, Corporation (“Company”). Throughout the Site, the terms “we”, “us” and “our” refer to Company.  The words “user,” “you” and “your” as used herein refer to you.

Please read these terms and conditions of use (“Terms of Use”) carefully before contributing content. If you do not agree to these Terms of Use, please do not contribute content. Your use of the Site is subject to the Terms and Conditions found here .

By contributing content to the Site, you represent and warrant that you are at least eighteen (18) years old and that you have read and understand these Terms of Use and any amendments thereto and agree to be bound by them. If you are not at least eighteen (18) years old or you do not agree and accept these Terms of Use, you are prohibited from contributing content.

From time to time, we may permit users to submit content to the Site.  You hereby acknowledge and agree that by submitting remarks, comments, suggestions, ideas, graphics, feedback, edits, concepts, comments, photographs, illustrations and other materials (other than personal information and/or registration information) through the Site (individually and collectively, “Submissions”), you (i) grant us a nonexclusive, royalty-free, perpetual, transferable, irrevocable and fully sub-licensable right to use, reproduce, modify, adapt, translate, distribute, publish, create derivative works from and publicly display and perform such Submissions throughout the world in any media, now known or hereafter created, without attribution to you; (ii) grant us the right to pursue at law any person or entity that violates your and/or our rights in your Submissions; and (iii) forever waive any and all of your rights, including but not limited to moral rights, if any, in and to your Submissions, including, without limitation, any all rights or requirements of attribution or identification of you as the author of the Submission or any derivative thereof.  We reserve the right to remove any of your Submissions from the Site, in whole or in part, without notice to you, for any reason or no reason.

Submissions are made voluntarily. Any submissions which include personally identifiable information are subject to our Privacy Policy found here .  You may not upload or otherwise publish content on the Site that (i) is confidential to you or any third party; (ii) is untrue, inaccurate, false or other than an original work of your authorship; (iii) that relates to or impersonates any other person; (iv) violates the copyright, trademark, patent or other intellectual property rights of any person or entity; (v) contains any content, personally identifiable information or other information, or materials of any kind that relate or refer to any other person or entity other than the provider of the products, goods or services to which the Submission relates; or (vi) violates any law, or in any manner infringes or interferes with the rights of others, including but not limited to the use of names, information, or materials that (A) libel, defame, or invade the privacy of any third party, (B) are obscene or pornographic, (C) are harmful, threatening, offensive, abusive, harassing, vulgar, false or inaccurate, racially, sexually, ethnically or are otherwise objectionable or otherwise contrary to the laws of any place where such Submissions may be accessed; (D) constitute personal attacks on other individuals; (E) promote criminal, immoral or illegal activity; (F) promote or advertise any person, product or service or solicit funds; or (G) are deemed confidential by any contract or policy.

You are solely responsible for any Submissions you make and their accuracy. We take no responsibility and assume no liability for any Submissions posted by you or any third party.

Unless approved by us in writing in advance, you agree not to: (i) provide or create a link to the Site; or (ii) create any frames at any other sites pertaining to any of the content located on the Site.

We reserve the right, in our discretion, to update, change or replace any part of these Terms of Use for Posting Comments by posting updates and/or changes to our Site.  It is your responsibility to check this page periodically for changes.  Your continued use of, and/or access to the Site, following the posting of any changes to these Terms of Use for Posting Comments, constitutes your acceptance of those changes.