
What We Know and Don’t Know About the International Cyberattack


Hospitals and other institutions were simultaneously struck by a cyberattack that locked their computer systems and demanded a ransom to restore access.
Right Now: Hospitals and other institutions across Europe, Asia and beyond were simultaneously struck on Friday by a cyberattack that locked their computer systems and demanded a ransom to restore access, leading to chaos in emergency rooms, in doctors’ offices and aboard ambulances.
■ Workers at British hospitals and a Spanish telecommunications firm were confronted with a message on their monitors that read, “Ooops, your files have been encrypted!” and demanded $300 in Bitcoin, an anonymous digital currency preferred by criminals.
■ Cybersecurity experts identified the malicious software as a variant of ransomware known as WannaCry.
■ Hospitals in Britain, several companies in Spain and 11 other countries have confirmed attacks to their systems.
■ At least 16 hospitals and other facilities in Britain were crippled by the attack, blocking doctors from gaining access to patient files and leading emergency rooms to divert patients.
■ Patient information does not appear to have been stolen or compromised, according to the National Health Service of Britain.
■ In a typical attack, hackers send their victims an email that includes a link to what appears to be an innocuous internet site, email attachment or URL. In this case, attackers appeared to have sent their victims encrypted .zip file attachments, intended to make it difficult for security technologies to detect.
■ Victims who click on that URL or attachment quickly find their computers infected. The program encrypts files, folders, drives and potentially entire networks on which the victim’s computer is connected. “Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key,” according to the F.B.I.
■ The messages that victims receive include directions for paying the attackers a ransom. Payment is typically demanded, as it was in the most recent string of attacks, in bitcoin.
■ The Spanish Ministry of Energy, Tourism and Digital Agenda said companies operating an unpatched Windows operating system were affected.
■ Microsoft in March recognized a potential flaw in its servers that allowed ransomware, and other malicious software, to spread on networks.
■ The flaw itself was initially unearthed last April in a dump of National Security Agency hacking tools by a hacking group that calls itself the Shadow Brokers. The N.S.A. called the software tools that exploited the Windows servers vulnerability “Eternal Blue.”
■ Reports last year found that some of Britain’s nationalized hospitals had spent nothing on cyberdefense and were running outdated software on their systems.
■ A hospital in Los Angeles was similarly attacked in February last year, paying a ransom in bitcoins equivalent to about $17,000 to hackers who used malware to hold its computer system hostage.
■ The scope of the attack: How many countries and institutions were affected?
■ Who is behind the attack? While the Shadow Broker hackers released one of the tools used in the attack, it is not clear who is behind Friday’s attacks. It is also not clear who the Shadow Broker hackers are. Initially, an insider at the N.S.A., or C.I.A., was suspected to have leaked the agency’s hacking tools, but the hackings continued after an N.S.A. contractor was arrested. Security experts have said that the timing of the hackers’ data dumps often aligns with Russian political interests. For instance, one of the latest Shadow Broker dumps occurred after the United States bombed Syria. Hackers cited the bombing as part of the impetus for their latest leak.
