Computers in dozens of countries suffered an attack on Friday that bogged down the United Kingdom’s health service and seized machines worldwide.
The attacks, which reportedly originated with a group that calls itself Shadow Brokers, infected computers with malicious code known as Wanna Decryptor that spreads via email, burrows through an opening in Microsoft Windows and takes files hostage in return for ransom.
The group may have obtained the malware last summer in a hack of the U.S. National Security Agency, which developed the code to infect computers in countries such as China, Russia and Iran. “Whoever it is it looks very much like they are taking advantage of the NSA’s tools,” Becky Pinkard, vice president at Digital Shadows, a cyber intelligence firm, told the Financial Times.
#WannaCry #ransomware used in widespread attacks all over the world via @Securelist https://t.co/zh012F9lCC pic.twitter.com/UzJVqUwbT6
— Kaspersky (@kaspersky) May 12, 2017
The malware struck computers in at 16 hospitals in the U.K., the National Health Service said in a statement, adding that it had no evidence the intruders had obtained medical records. Still, the attack crashed systems and cut off electronic access to patient records. “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need,” said Dr. Anne Rainsberry, incident director at the NHS.
St Bartholomew’s, a hospital in central London, said the attack forced it to cancel appointments and divert patients. “Everything’s getting delayed,” Asif Munaf, a gastroenterologist at Chesterfield hospital, told the Guardian. “Patients who were supposed to go home this afternoon won’t go home until Monday because they now won’t be seen and get a follow-up plan. It’s quite unfortunate for the patients.”
Shadow Brokers has demanded about $300 per computer in ransom (payable in Bitcoin) to remove the malware, which also infected computers in Russia, Ukraine, India, Taiwan, Portugal, Spain and Romania. Companies hit included Telefonica, the Spanish telecommunications giant, and MegaFon, one of Russia’s largest phone companies. Russia’s Interior Ministry said that its computers had also come under attack.
Despite the damage, law enforcement officials in Britain said they are treating the attack as a crime as opposed to an attack by a foreign power. Though Microsoft issued a patch in March that can secure machines against the malware, the Times reports that some organizations, including many hospitals, had yet to update their systems.