Experts struggle to fix NHS cyber-hack


Cyber security experts rushed to restore systems on Saturday after an unprecedented global wave of cyberattacks that struck targets ranging from Russia's banks to British hospitals and a French carmaker's factories.

Cyber extortionists tricked victims into opening malicious attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

Health workers reported being locked out of their systems and seeing messages demanding ransom payments to regain access.

All told, several cybersecurity firms said they had identified the malicious software responsible for tens of thousands of attacks in more than 60 countries, including the United States, though its effects in the US did not appear to be widespread, at least in the initial hours.

Asian countries reported no major breaches on Saturday, but officials in the region were scrambling to check and the full extent of the damage may not be known for some time. Why is it certain regions are affected more than others?

The UK's National Health Service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients.

"Infection of a single computer can end up compromising the entire corporate network", Spain's National Cryptologic Center says. "We are implementing remediation steps as quickly as possible", it said in a statement.

Only a small number of US-headquartered organizations were hit because the hackers appear to have begun the campaign by targeting organizations in Europe, said Thakur.

Here's a look at how malware and ransomware work and what people can do if they fall victim to attacks.

He later warned: "So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again".

The malware is alleged to have been leaked or stolen from the National Security Agency, as the Bleeping Computer site reports.

Russia's Interior Ministry released a statement acknowledging a ransomware attack on its computers, adding that less than 1% of computers were affected, and that the virus is now "localized".

Telecommunications company Telefonica was among many targets in Spain.

State agencies and major companies around the world were left reeling by the attacks which blocked access to files and demanded ransom money, forcing them to shut down their computer systems.

Microsoft has released software patches for the security holes, although not everyone has installed those updates.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history".

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

In December it was reported almost all NHS trusts were using an obsolete version of Windows that Microsoft had stopped providing security updates for in April 2014.

Finance chiefs from the Group of Seven rich countries will commit on Saturday to join forces to fight the growing threat of global cyber attacks, according to a draft statement of a meeting they are holding in Italy.

WannaCry is not just a ransomware program; it's also a worm.

French carmaker Renault has also been affected.

"Once it gets in and starts moving across the infrastructure, there is no way to stop it", said Adam Meyers, a researcher with cyber security firm CrowdStrike.

But those attacks - blamed on the Russian Federation, which has repeatedly denied them - followed a different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

The ransomware's progress has been halted by the accidental discovery late Friday of a "kill switch" hidden within the code by a security researcher, said cybersecurity consultant David Kennedy, formerly of the US National Security Agency. The update I've got this morning is that we're very much into recovery phase now, with a lot of work going on to get systems back up and running.