UK working to restore hospital systems after cyberattack

UK working to restore hospital systems after cyberattack

UK working to restore hospital systems after cyberattack

The hackers, who have not come forward to claim responsibility or otherwise been identified, took advantage of a worm, or self-spreading malware, by exploiting a piece of NSA spy code known as "Eternal Blue" that was released last month by a hackers group known as the Shadow Brokers, according to researchers with several private cyber security firms. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.

He said Russian Federation and India were hit particularly hard, in large part because the older Windows XP operating software was still widely used in the countries.

CERT Chief Information Security Engineer Roshan Chandragupta said they were attempting to figure out how the attack was being spread.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday. Omer Fatih Sayan said the country's cyber security centre is continuing operations against the malicious software. The ransomware was created to repeatedly contact an unregistered domain in its code.

"Thus by registering it we inadvertently stopped any subsequent infections", he told CNNTech.

"One thing that is very important to note is our sinkholing only stops this sample and there is nothing stopping them removing the domain check and trying again, so it's incredibly important that any unpatched systems are patched as quickly as possible", he warned.

It remained unclear how many organizations had already lost control of their data to the malicious software - and researchers warned that copycat attacks could follow.

In a statement Saturday, Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex global investigation to identify the culprits".

U.S. Treasury Secretary Steven Mnuchin, at a meeting of world leaders in Italy, said the attack was a reminder of the importance of cybersecurity.

Microsoft released fixes for the vulnerability in March, but computers that didn't run the update were subject to the ransom attack.

Hospitals in areas across Britain found themselves without access to their computers or phone systems.

The worldwide effort to extort cash from computer users spread so widely that Microsoft quickly changed its policy, making security fixes available for free for the older Windows systems still used by millions of individuals and smaller businesses.

But the patches won't do any good for machines that have already been hit.

"The NCSC has been working in collaboration with a number of organisations in the cyber security community, including MalwareTech and 2SEC4, to understand and mitigate the current Wannacry ransomware threat". "Most folks that have paid up appear to have paid the initial $300 in the first few hours".

Most NHS computers are expected to be operational by Monday, the minister added.

WannaCry has already caused massive disruption around the globe.

A message informing visitors of a cyberattack is displayed on the National Health Service website in London.

NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors".

According to media reports in the U.S., the ransomware attack was first reported from Sweden, the United Kingdom, and France, with a number of antivirus and security software companies raising red flags over the issue since then.

"It's also safe to keep a backup of data", he said.

Elsewhere in Europe, the attack hit Spain's Telefonica, a global broadband and telecommunications company, and knocked ticketing offline for Norway's IF Odd, a 132-year-old soccer club.

Governments and private security firms on Saturday that they expect hackers to tweak the malicious code used in Friday's attack, restoring the ability to self-replicate.

He urged Windows users to update their systems and reboot. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Ms Rudd said: "Of the 48 that have been impacted, a lot of them are back to normal course of business". The British-based researcher who may have foiled the ransomware's spread told Reuters he had not seen any such tweaks yet, "but they will".

The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A.as part of a wide swath of tools illegally released in 2016.

Related news