Extortionists Mount Global Hacking Attack Seeking Ransom

Extortionist hackers, who may be using leaked computer exploits from the U.S. National Security Agency, infiltrated computers in dozens of countries in a fast-spreading attack that forced British hospitals to turn away patients and breached systems at Spain’s Telefonica and organizations from Russia to Taiwan, according to Bloomberg.

The ransomware used in Friday’s cyber-attacks encrypts files and demands that victims pay $300 in bitcoin for them to be decrypted, the latest in a vexing style of security breaches that, at the very least, forces organizations to revert to backup systems to keep critical systems running. The malicious software has infected more than 75,000 computers in 99 countries worldwide on Friday, most of them concentrated in Russia, Ukraine and Taiwan, according to Dutch cybersecurity company Avast.

The attackers were exploiting a vulnerability in Microsoft software that was patched in March, according to cybersecurity researchers. Attack code targeting that vulnerability was released publicly by Shadow Brokers, a group that has been leaking stolen hacking tools purportedly from the NSA. That connection has given critics of U.S. hacking ammunition for their argument that governments finding flaws in commercial technologies and keeping them secret for the purpose of exploiting them can carry a public risk.

While the victim tally is likely to grow, the ransomware, called WanaCrypt0r, only affects computers that haven’t applied Microsoft’s two-month-old fix, a reminder that individuals and organizations that don’t routinely update their machines are vulnerable. Hospitals are notoriously slow in applying security fixes, in part because of how disruptive it is to take patient-facing equipment and databases offline. That has made them a reliable target of ransomware and identity-theft attacks, and why they routinely fall victim even to random mass attacks.

In the U.K., hospitals urged people with non-emergency conditions to stay away after the cyber-attack affected large parts of the country’s National Health Service. Forty-five NHS organizations were hit, while a large number of Spanish companies were also attacked using ransomware. Hospitals in London, North West England and Central England have all been affected, according to the BBC. Mid-Essex Clinical Commissioning Group, which runs hospitals and ambulances in an area east of London, said on Twitter that it had “an IT issue affecting some NHS computer systems,“ adding “Please do not attend Accident And Emergency unless it’s an emergency!“

The impact on services is not due to the ransomware itself, but due to NHS Trusts shutting systems to prevent it from spreading, said Brian Lord, a former deputy director of Government Communications Headquarters, the U.K.’s signals intelligence agency, who is now managing director of cybersecurity firm PGI Cyber. Lord, who described an attack of this type as "inevitable," said the impact was exacerbated because most NHS Trusts had "a poor understanding of network configuration meaning everything has to shut down.

Spain’s National Cryptologic Center, which is part of the country’s intelligence agency, said on its website that there had been a “massive ransomware attack“ against a big number of Spanish organizations affecting Microsoft’s Windows operating system. El Mundo reported that the attackers sought a ransom in bitcoin.