And it just kept getting worse, this cyberattack — and ever more global in scale.
As has been widely reported, a massive attack hit everything from the United Kingdom’s National Health Service, European automakers and Chinese firms and any number of companies across other verticals, winnowing its way through disparate countries into Saturday. Interpol had estimated over the weekend that more than 100,000 organizations across 150 nations had been hit by the attack, as reported by AP.
Reuters and others reported that the ransomware infections that hit computers worldwide likely trace their genesis to the U.S. National Security Agency, and Friday’s tally comes to more than 126,000 cases of infection.
The malware that was sent had been hidden in any number of attachments in emails that had seemed legitimate, from files that spoofed invoices to job offers and other communications. The demands came in from $300 to $600 to give users back access to their machines.
Among those hit and halted: Renault stopped production at several sites in France and Romania. Nissan did the same in England. Hospitals shut down in Europe. More damage, said Reuters, could be incurred as workers returned to malicious code at work. In China, individual users utilizing their Windows operating systems were impacted. Similarly FedEx Corp., the shipping giant, said computers running Windows were compromised — and for the Windows impact, the fault may lie with variants of the “WannaCry” malware.
Hospitals in the U.K. encouraged people with non-emergency medical issues to stay away from the hospitals after a cyberattack impacted a large swath of the country’s National Health Service.
According to a report in Bloomberg, 16 NHS hospitals in the U.K. fell victim Friday (May 12) of a cyberattack, while several companies in Spain were hit with a ransomware attack. Bloomberg reported that it’s not clear if the attacks were planned to happen together as of yet.
“The NHS has experienced a major cyber-attack, we are working with law enforcement and our advice will follow shortly!” Action Fraud, the U.K.’s central cybercrime unit said on Twitter, reported Bloomberg. The National Cyber Security Center said: “We are aware of [the] cyber incident, and we are working with NHS Digital and the National Crime Agency to investigate.”
Bloomberg, citing the BBC, reported that hospitals located in London, North West England and Central England have been impacted. Mid-Essex Clinical Commissioning Group said in a tweet that it had “an IT issue affecting some NHS computer systems,” adding, “Please do not attend Accident and Emergency unless it’s an emergency!” noted Bloomberg.
While the hospitals were hit with ransomware, that isn’t what is causing the problem — rather, the NHS Trusts’ move to shut down the systems to prevent the ransomware from spreading is what’s causing the headaches, Brian Lord, a former deputy director of Government Communications Headquarters (GCHQ), the U.K.’s signals intelligence agency, who is now managing director of cybersecurity firm PGI Cyber, told Bloomberg.
Lord said the impact was made worse because most NHS Trusts have “a poor understanding of network configuration, meaning everything has to shut down.”
Meanwhile in Spain, the National Cryptologic Center said on its website that there was a “massive ransomware attack” against a large number of Spanish organizations, which affects Microsoft’s Windows operating system. El Mundo reported attackers want a ransom paid in bitcoin, Bloomberg stated.
And, in a blog post reported on by Reuters and authored by Microsoft President Brad Smith, the executive weighed in on the debate over just how much secrecy there should be over software flaws. The debate centers on governments keeping malware details secret in order to exploit them for espionage and cyber warfare — or whether those details should be shared with firms in the private sector. The attacks should serve as a “wake up call,” against keeping such data in the hands of governments at the expense, possibly, of civilian cyber safety.
As for stopping the attacks, the British National Cyber Security Center noted that things “could have been much worse” had one 22-year-old cybersecurity researcher not stepped in. There was a hidden web address in the code that makes up “WannaCry” and, after registering its domain name, the attacks were routed to his firm, Kryptos Logic, thus keeping the malware from proceeding.