Organisations across the globe have been hit with a massive, apparently co-ordinated ransomware attack causing major IT shutdowns in the UK and Europe.
NHS England confirmed on Friday afternoon that 16 hospitals across the UK were targeted with malware which forced computers to freeze up, with pop-ups demanding cash ransoms.
Accident and Emergency units were forced to divert ambulances and patient records were reportedly encrypted by the ransomware.
Earlier reports suggested cash ransoms of $300, so the amount criminals are asking for to release the files appears to be increasing, said Kaspersky.
Spanish telecoms giant Telefonica – which owns the O2 network – reported being subject to a cyberattack as the suspected ransomware worm spread through infected computers. The Spanish newspaper El Mundo reports that 85 percent of the company’s computers were infected. Staff had been told to disconnect any VPNs and turn off their machines.
An NHS England statement said the malware behind the attack had been identified as a Wanna Decryptor variant and that, it is believed, it did not access patient records or specifically target the NHS but had affected a number of sectors and companies across the globe.
The Wanna Decryptor or WannaCry malware has been detected 36,000 times in the recent past and is apparently prolific in Russia, Ukraine and Taiwan. It has already infected targets in 11 countries.
Reports are that the attack is shutting down computer systems and phones and is continuing to spread.
“Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world,” security experts at Kaspersky wrote in a blog post.
“In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.
“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.”
It said that “many organizations have not yet installed the patch”, suggesting the ransomware came through a known vulnerability.
East and North Hertfordshire NHS, one of the hospitals affected, said in a statement: “The Trust has experienced a major IT problem, believed to have been caused by a cyberattack.
“Immediately on discovery of the problem, the Trust acted to protect its IT systems by shutting them down. It also meant that the Trust’s telephone system is not able to accept incoming calls.”
The Trust also said it had postponed all non-urgent activity and was asking patients to delay coming to A&E at its Lister Hospital in Stevenage.
The National Cyber Security Centre, run out of spy centre GCHQ in London, is working with the police and NHS Digital to counter the scale of the attack.