UK working to restore hospital systems after cyberattack
- by Nick Cohen
- in Industry
- — May 15, 2017
"Anyone who applied the patch that Microsoft released likely wasn't affected by this", Reiher said.
The ransomware, called "WannaCry", locks down all the files on an infected computer and demands the administrator pay to regain control of them.
Now, the company is offering free security fixes to everyone affected.
Businesses around the world scrambled on Saturday to prepare for a renewed cyberattack, convinced that a lull in a computer offensive that has stopped vehicle factories, hospitals, schools and other organizations in around 100 countries was only temporary.
Ransomware encrypted data on at least 75,000 computers in 99 countries on Friday.
"It's paused but it's going to happen again".
In Britain, the National Cyber Security Center said it is "working round the clock" with experts to restore vital health services. "Many of those will be businesses including large corporations". "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors".
This particular malware emerged in February and has one goal: "to extort money in return for releasing the data it has encrypted", said Alan Woodward, a visiting professor of computing at the University of Surrey.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said. The agency has not responded to requests for comment.
Researchers with Czech Republic-based security software maker Avast said they had observed more than 126,000 ransomware infections, with 60 percent of infected computers located in Russian Federation, followed by Ukraine and Taiwan.
Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.
They said an emergency security update had been issued by Microsoft and was being deployed.
In the U.S., FedEx Corp. reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware.
Across Scotland, GPs spoke of "massive disruption" as the cyber attackers locked computers and demanded a payment worth £230 per machine to access files.
The UK could suffer another major cyber attack tomorrow, according to the security researcher who discovered a "kill switch" for the previous one.
"We expect this number to increase significantly over the course of the weekend", said Tom Robinson, lead investigator at Elliptic.
In a blog post, the USA tech giant recalled that it had published an update in March to address the weakness exploited in Friday's attacks.
"The expensive part is the clean up of the machine and restoring the encrypted data", he said.
Renault said on Saturday it had halted manufacturing at plants in Sandouville, France, and Romania to prevent the spread of ransomware in its systems. "We will continue to work with affected (organizations) to confirm this".
British Home Secretary Amber Rudd said Saturday that 45 public health organizations were hit, but she stressed that no patient data had been stolen.
Germany's national railway said Saturday that departure and arrival display screens at its stations were affected, but there was no impact on actual train services. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious aliments like cancer. Global shipper FedEx Corp said some of its Windows computers were also infected. "We are implementing remediation steps as quickly as possible", a statement said.
The assault is part of an attack that has affected organisations in about 100 countries, including the United States, India, China, Russia and Spain, disrupting power and telephone companies. Portugal Telecom and Telefonica Argentina both said they were also targeted.
Europol described the cyber-attack as "unprecedented" and said its cyber-crime team was working with affected countries to "mitigate the threat and assist victims".
'The recent attack is at an unprecedented level and will require a complex global investigation to identify the culprits, ' said Europol, Europe's police agency.
MalwareTech, who wants to remain anonymous, was hailed as an "accidental hero" after registering a domain name to track the spread of the virus, which actually ended up halting it.
G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up worldwide cooperation against a growing threat to their economies.
"Appropriate economywide policy responses are needed", the ministers said in their draft statement.