A large-scale cyber attack was launched today, hitting at least 74 countries and seriously damaging the UK’s health care system.
The attack leveraged tools developed by the US National Security Agency, which allowed the damaging code to fall into the hands of a group calling itself the Shadow Brokers. The group has been leaking classified NSA hacking tools online for the last year.
Today’s attack seriously disrupted Britain’s health system and infected machines in at least 74 other countries throughout the world. Hospitals throughout parts of England were forced to turn away patients and cancel appointments after their computer systems became infected with the “ransomware,” which seized data and restricted access to computers.
“We are experiencing a major IT disruption, and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled, and ambulances were being diverted to neighboring hospitals.
Rich Barger, director of threat research at U.S.-based security research company Splunk, said: “This is one of the largest global ransomware attacks the cyber community has ever seen.”
The malware used in today’s attack encrypts computer files and drops and executes a decryptor tool. Users see a screen demanding $600 in Bitcoin.
Kaspersky Lab, a Russian cybersecurity firm, said it had tracked at least 45,000 attacks throughout the day. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected, including the UK, US, China, Russia, Spain, Italy and Taiwan.
Researchers at Kaspersky Lab said the attackers are using EternalBlue, the codename for the exploit made public by the hacking group Shadow Brokers.
EternalBlue is a remote code execution exploit that takes advantage of an SMBv1 vulnerability in Windows. Microsoft patched the vulnerability on March 14, one month before the exploit was publicly leaked. Spain’s Computer Emergency Response Team, Kaspersky Lab, and others are recommending that organizations install the MS17-010 update immediately on all unpatched Windows machines.
The malware uses an exploit widely believed by security researchers to have been developed by the National Security Agency.
— RT (@RT_com) May 12, 2017