LONDON — Hackers exploiting data stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries, severely disrupting Britain’s public health system and wreaking havoc on tens of thousands of computers elsewhere, including Russia’s ministry for internal security.
Hospitals in Britain appeared to be the most severely affected by the attacks, which aimed to blackmail computer users by seizing their data. The attacks blocked doctors’ access to patient files and forced emergency rooms to divert people seeking urgent care.
Corporate computer systems in many other countries — including FedEx of the United States, one of the world’s leading international shippers — were among those affected.
Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries. The worst hit by far was Russia, followed by Ukraine, India and Taiwan, the company said. Users in Latin America and Africa were also struck.
It was not immediately clear who was behind the attacks, but the acts deeply alarmed cybersecurity experts and underscored the enormous vulnerabilities to internet invasions faced by disjointed networks of computer systems around the world.
“When people ask what keeps you up at night, it’s this,” said Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks.
Russia’s powerful Interior Ministry, after denying reports that its computers had been targeted, confirmed in a statement that “around 1,000 computers were infected,” which it described as less than 1 percent of the total. The ministry, which oversees Russia’s police forces, said technicians had stopped the attack and were updating the department’s “antivirus defense systems.”
The attacks were reminiscent of the hack that took down dozens of websites last October, including Twitter, Spotify and PayPal, via devices connected to the internet, including printers and baby monitors.
The hacking tool used on Friday was ransomware, a kind of malware that encrypts data, locks out the user and demands a ransom to release it. Security experts say the tool exploited a vulnerability in Microsoft systems that was discovered and developed by the National Security Agency of the United States.
The ransomware, known as WannaCry, was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online since last year. Microsoft rolled out a patch for the vulnerability in March, but hackers apparently took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems or had ignored advisories from Microsoft to do so.
The malware was circulated by email. Targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.
Reuters reported that employees of Britain’s National Health Service had been warned about the ransomware threat earlier on Friday.
But by then it was already too late. As the disruptions rippled through at least 36 hospitals, doctors’ offices and ambulance companies across Britain on Friday, the health service declared the attack a “major incident,” a warning that local health services could be overwhelmed.
Britain’s health secretary, Jeremy Hunt, was briefed by cybersecurity experts, while Prime Minister Theresa May’s office said she was monitoring the situation.
Mrs. May said later on television that “we’re not aware of any evidence that patient data has been compromised.”
Among the many other affected institutions were hospitals and telecommunications companies across Europe and Asia and beyond, according to MalwareHunterTeam, a security firm that tracks ransomware attacks.
But the extent of the ransomware attacks could be much broader, as the MalwareHunterTeam said it tracks only attacks that have been reported by the victims. Spain’s Telefónica and Russia’s MegaFon were among the largest of the businesses targeted.
Other countries where attacks were reported included Japan, the Philippines, Turkey and Vietnam.
The computers all appeared to be hit with the same ransomware and similar messages demanding about $300 to unlock their data.
Mr. Camacho noted that security detection technology could not easily catch the ransomware attacks, because the attackers encrypted the malicious file in email attachments. When employees at victim organizations clicked on the attachments, they inadvertently downloaded the ransomware onto their systems.
Security experts advised companies to immediately update their systems with the Microsoft patch.
Until organizations use the Microsoft patch, Mr. Camacho said, they could continue to be hit — not just by ransomware, but by all kinds of malicious tools that can manipulate, steal or delete their data. “There is going to be a lot more of these attacks,” he said. “We’ll see copycats, and not just for ransomware, but other attacks.”
The attack on Britain’s National Health Service appeared to be the most brazen because it had life-or-death implications for hospitals and ambulance services.
Tom Donnelly, a spokesman for N.H.S. Digital, the arm of the health service that handles cybersecurity, said in a telephone interview that 16 organizations, including “hospitals and other kinds of clinician services,” had been hit. Officials later updated that number to at least 36.
The service’s digital arm said in a statement that the attack involved Wanna Decryptor, a new variant of the WannaCry ransomware.
The user is asked to pay a ransom to unlock the computer — an increasingly prevalent problem. Last year, a Los Angeles hospital paid $17,000 after such an attack; in January, hackers targeted the electronic key system at a hotel in Austria, locking dozens of guests out of their rooms.
On social media, several images circulated on Friday showing computer screens bearing a message that the user could not enter without first paying a $300 ransom in Bitcoin. Many doctors reported that they could not retrieve their patients’ files.
The National Cyber Security Center, an arm of the GCHQ, the British electronic surveillance agency, said it was investigating the attack. It was unclear whether any of the targeted users paid the ransom.
Also affected were N.H.S. institutions in Scotland, where Health Secretary Shona Robison said officials were “taking immediate steps to minimize the impact of the attack across N.H.S. Scotland and restrict any disruption.”
According to the BBC, hospitals in London and Nottingham, the town of Blackburn and the counties of Cumbria and Hertfordshire were affected. In the northwestern seaside town of Blackpool, doctors resorted to pen and paper, with phone and computer systems having shut down, according to the local newspaper, The Blackpool Gazette.
A bit to the south, in the seaside town of Southport, images on Twitter showed ambulances backed up outside the town’s hospital.
In Stevenage, a town in Hertfordshire, north of London, the health service postponed all non-urgent activity and asked people not to come to the accident and emergency ward at the Lister Hospital.
Less was known about the scope of the attacks in Spain and Portugal, which affected companies like Telefónica.
Spain’s national cryptology center said it was dealing with “a massive ransomware attack” affecting Windows systems used by various organizations, without naming them.
Later on Friday, Portugal reported a similar attack. Carlos Cabreiro, the director of a police unit that fights cybercrime, told the newspaper Público that the country was facing “computer attacks on a large scale against different Portuguese companies, especially communication operators.”
Spain’s Industry Ministry said in a separate statement that the attack had not affected networks or customers using services offered by the companies targeted. Telefónica also indicated that the attack had targeted its internal network rather than its millions of customers. On Twitter, Chema Alonso, Telefónica’s chief data officer, called initial news reports “exaggerated.”
Several employees of MegaFon, one of the largest cellphone operators in Russia, said its systems had been attacked on Friday by malware like that used against the N.H.S., the news website Meduza.io reported.