Leaked NSA tools used in global cyber attack, analysts say
- Author: Arturo Norris, May 13, 2017, 15:17
Spain's government said on Friday a large number of companies, including telecommunications giant Telefonica, had been attacked by cyber criminals who infected computers with ransomware.
"A few hours ago, Spain's Computer Emergency Response Team CCN-CERT posted an alert on their site about a massive ransomware attack affecting several Spanish organizations".
British Prime Minister Theresa May said there was no evidence that patient data had been compromised in the attack, and that it had not specifically targeted the National Health Service.
Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating "worm", was spreading quickly.
"We are experiencing a major IT disruption and there are delays at all of our hospitals", it said.
The computer viruses that lock the files are called ransomware.
The report said the cyber centre provided hands-on support for sophisticated attacks.
The attack gained attention from media largely after it impacted National Health Service operations in England.
At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.
Here are things to know about the ransomware attack.
Geographical target distribution of the WannaCry ransomware attack for the first few hours of the attack on May 12, 2017, according to Kaspersky security firm.
Britain's National Cyber Security Centre and its National Crime Agency were looking into the United Kingdom incidents, which disrupted care at National Health Service facilities. The demand would double after three days, or data would be destroyed.
Kaspersky said the malware was released in April by a hacking group called Shadow Brokers which claimed to have discovered the flaw from the NSA.
The attack by the ransomware, dubbed "WannaCry", is initiated through an SMBv2 remote code execution vulnerability in Microsoft Windows. Once Wana Decryptor has infected the first machine, it'll attempt to spread to other machines on the same local network.
"The ransomware can spread without anyone opening an email or clicking on a link".
Some of the first reports emerged from England, where hospitals across the country were hit by ransomware attacks, in which hackers infect computers with malicious software and demand ransoms to restore access, according to the National Health Service (NHS).
While experts have identified the importance of the problem, it isn't clear that there is any plausible solution without radical changes to the ways we build technologies, and shape incentives for businesses and users to keep these technologies secure.
In February 2016, a Los Angeles hospital, the Hollywood Presbyterian Medical Center, paid $17,000 in Bitcoin to hackers who took control of its computers for more than a week.
"Ransomware becomes particularly nasty when it infects institutions like hospitals, where it can put people's lives in danger", said Kroustek, the Avast analyst. "We have activated our major incident plan to make sure we can maintain the safety and welfare of patients", Reuters quoted the Barts Health group as saying. Routine appointments had been cancelled and ambulances were being diverted to neighbouring hospitals.
When hospital employees signed in they found out that their files had been turned into gibberish - encrypted to be unreadable.
"They told us there was a problem. They said the system was down and that they cannot transfer anyone till the computer system was back up", Brennan said.