NHS cyber attack: Russia Interior ministry hacked in worldwide crisis

Posted May 13, 2017

The Russian Interior Ministry has confirmed it was hit by the "ransomware" attack, which encrypts data on infected computers and demands payment, usually via the digital currency bitcoin, to release it. Britain's health service was also hit hard Friday as the attack froze computers at hospitals across the country, shutting down wards, closing emergency rooms and bringing medical treatments to a screeching halt.

Security experts said the ransomware used in the attacks leveraged a hacking tool found in a leak of documents in April by a group known as Shadow Brokers. But there's no evidence so far that patient data has been accessed, NHS Digital said. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

Reports indicate that as many as 40 offices connected to NHS were impacted, though according to The Guardian, the United Kingdom hasn't yet moved to confirm this figure.

A statement from NHS Digital said: "A number of NHS organisations have reported to NHS Digital that they have been affected by a "ransomware" attack".

A Telefonica spokesman told Reuters that a window appeared on its computers also demanding a bitcoin payment in order to regain control.

The attack is said to have impaired the hospital and health service network's ability to communicate, while patient records and other resources were unavailable as well.

The malicious software has infected more than 75,000 computers in 99 countries worldwide on Friday, majority concentrated in Russia, Ukraine and Taiwan, according to Dutch cybersecurity company Avast Software BV. In the case of ransomware, the malware attempts to extort the user for money.

"Once it gets in and starts moving across the infrastructure, there is no way to stop it", said Adam Meyers, a researcher with cyber security firm CrowdStrike.

That exploit was one of many hacking tools stolen from the NSA and later published online by a group that called itself the Shadow Brokers, according to Avast.

Former intelligence contractor Edward Snowden, who in 2013 leaked documents to journalists revealing the existence of broad US surveillance programs, said on Twitter the NSA had built attack tools targeting USA software that "now threatens the lives of hospital patients".

Volk added that ministry experts are now working to recover the system and do necessary security updates. "Today we see the cost". Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets - particularly hospitals - had yet to update their systems.

China's official Xinhua news agency said some secondary schools and universities had been affected, without specifying how many or identifying them.

Hospitals across England have canceled appointments and turned away patients after suffering an apparent cyberattack.

"Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware".

The Spanish government said several companies had been targeted in ransomware cyberattack that affected the Windows operating system of employees' computers.

Telefonica announced the attack had been limited to its internal network and clients or services had not been affected.

On Friday, Russia's interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted.

Several cyber security firms said WannaCry exploits a vulnerability in Microsoft and that Microsoft patched this in March.

Consumers who have up-to-date software are protected from this ransomware.

The news is also likely to embolden extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

Finding the perpetrators will rely on the hope that the hackers made a technical mistake while preparing the attack, Kolochenko said. It said the attack did not specifically target the NHS.