Hackers unleashed a cyber attack by using cyberweapons stolen from the US National Security Agency to strike organisations across the globe on Friday.
The affected organisations include UK’s National Health Service to European telecoms company Telefónica and FedEx of the US.
The attack has been declared a major incident, and has spread to Scotland, where crisis meetings were also being held last night.
A computer hacking group known as Shadow Brokers was at least partly responsible for the cyber attack.
It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria.
A tool known as Eternal Blue developed by US spies was used by the hackers to supercharge an existing form of criminal malware, three senior cyber security analysts said, leading to one of the fastest-spreading and potentially damaging cyber attacks seen to date.
Their analysis was confirmed by western security officials who were scrambling to contain an attack that initially hit hospitals and doctors’ practices across the UK.
The same or similar virus was used in a large-scale attack in Spain that hit Telefónica, the country’s main telecoms provider.
As the attack spread, FedEx, the US delivery services company, said it was “experiencing interference with some of our Windows-based systems caused by malware.”
The Russian interior ministry confirmed that 1,000 of its computers had been affected, about 0.1 per cent of the total, but said its servers were not harmed.
Russia’s central bank said on Saturday it had detected “massive” cyber attacks on domestic banks, which successfully thwarted them, the RIA news agency reported.
French carmaker Renault also said it had been hit by the ransomware attack.
Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access.
Security researchers said they observed some victims paying via the digital currency bitcoin, though they did not know what percent had given in to the extortionists.
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.
Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, limiting the worm’s spread.
“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec.
“The numbers are extremely low and coming down fast.” But the attackers may yet tweak the code and restart the cycle. The British-based researcher who may have foiled the ransomware’s spread told Reuters he had not seen any such tweaks yet, “but they will.”
Finance chiefs from the Group of Seven rich countries will commit on Saturday to join forces to fight the growing threat of international cyber attacks, according to a draft statement of a meeting they are holding in Italy.
In Britain, a major incident has been declared after up to 45 hospitals were affected by the cyber attack.
Operations have been cancelled, patients moved and ambulances diverted as authorities try to deal with the situation. Now, there are fears some NHS files may not have been backed up.
St Barts Health NHS Trust, which runs The Royal London, St Bartholomew’s, Whipps Cross and Newham hospitals in London, said it had implemented its major incident plan to cope with disruption.
But British Prime Minister Theresa May said there was no evidence that patient records have been compromised in the massive attack.
She added the hit was “not targeted” at the health service but was part of a wider assault on organisations across a number of countries.
Questions over NHS & Important Information Vulnerability:
Microsoft had provided free software to protect computers in March, raising questions about why the NHS was still vulnerable. Last night the technology giant said it was pushing out automatic Windows updates to defend clients from WannaCry.
Cyber experts said the health service appeared susceptible to attack because many trusts were using obsolete systems, while others have failed to apply recent security updates which would have protected them.
This week it was suggested that 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system. Security experts said that computers using operating software introduced before 2007 were particularly vulnerable, leaving many NHS systems at risk.
US offers Help to Tackle Cyber Attack Crisis:
The US Department of Homeland Security has said it is aware of reports of the ransomware. It says it is sharing information with domestic and foreign partners and was ready to lend technical support.
The global cyber attack renewed concerns about whether the NSA and other countries’ intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.