Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seize control of computers until the victims pay a ransom.
A ransomware cyber-attack that may have originated from the theft of “cyber weapons” linked to the US government has hobbled hospitals in England and spread to countries across the world.
Security researchers have recorded more than 45,000 attacks in 100 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.
Here’s what we know so far about Friday’s cyber-attack that has affected countries and organizations across the globe:
A global ransomware attack has hit the UK’s National Health Service hardest, forcing hospitals to cancel operations and divert ambulances and rendering documents such as patient records and x-rays unavailable. The National Cyber Security Centre says teams are “working round the clock” to bring systems back online. NHS Digital and prime minister Theresa May say there is no evidence patient data has been accessed.
Thousands of patients across England and Scotland are stuck in limbo, with parents of newborns unable to take them home. The service will doubtless face a weekend of delays and non-emergency patients have been urged to use health facilities frugally.
A security expert has been hailed an “accidental hero” for his role in halting the spread of the WanaCrypt0r 2.0 bug. The man behind the @MalwareTechBlog Twitter account is reported to have simply paid a few dollars to register a domain name that, once active, performs the role of a “kill switch” that deactivates the malware in its current form.
Tens of thousands of attacks were registered in 99 countries. Russia, Ukraine, India and Taiwan initially appeared to be most hard hit, though details are yet to emerge. Russia said 1,000 computers at its interior ministry were affected.
The malicious software asks for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. Some payments are reported to have been made.
The bug appears to originate from a malware dump made by a group called Shadow Brokers, which claim to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).
In Spain, megaphone announcements told employees at telecom giant Telefónica to close their workstations immediately while the attack spread.
Scotland reported that 11 health boards and its ambulance service attacked.
Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.”
FedEx also announced it was affected and said it was “implementing remediation steps as quickly as possible”.