Hospitals Gain Control After Ransom Hack, More Attacks May Come

Most U.K. health facilities whose computer systems were crippled in a global cyber-attack are back to normal operation, Home Secretary Amber Rudd said, accordingt o Bloomberg. Experts warned that hackers would probably launch a new round of attacks with many computers still vulnerable.

About 97 percent of facilities and doctors affected are able to work normally, Rudd said after a government meeting. At the height of the attack, 48 organizations in the National Health Service were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software. “There will be lessons to learn from what appears to be the biggest criminal cyber-attack in history,“ Rudd said in response to a letter from Jonathan Ashworth, the shadow secretary of state for health.

The malware, using a technique purportedly stolen from the U.S. National Security Agency, also affected Russia’s Ministry of Interior, Germany’s Deutsche Bahn rail system, automakers Nissan and Renault, logistics giant FedEx, and other company and hospital computer systems in countries from Eastern Europe to the U.S. and Asia. More than 75,000 computers in 99 countries were compromised, with a heavy concentration of infections in Russia and Ukraine, according to Dutch security company Avast Software BV.

The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.“ Microsoft said in a blog post that it was taking the “highly unusual“ step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

Victims have paid about $30,000 in ransom so far, with the total expected to rise substantially next week, said Tom Robinson, CEO and co-founder of Elliptic, a ransomware consultant that works with banks and companies in the U.K., U.S. and Europe. He said he calculated the total based on payments tracked to Bitcoin addresses specified in the ransom demands.

A spokesman for Spain’s Telefonica said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of incident wasn’t major. FedEx said it was “experiencing interference.“ Renault halted production at some factories to stop the virus from spreading, while Nissan’s U.K. car plant in Sunderland was affected without causing any major impact on business. In Germany, Deutsche Bahn faced “technical disruptions“ on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,“ which it described as less than 1 percent of the total, according to its website.