Expand / Collapse search

Cyberattackers demand ransom

Published  May 15, 2017 8:58am EDT
Business
FOX 5 New York

Image 1 of 7

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG in the United Kingdom, May 12, 2017. (@fendifille via AP)

NEW YORK - Experts are still trying to figure out who's behind a global "ransomware" software cyberattack that shut down hundreds of thousands of computers around the world by exploiting a software vulnerability.

Cyberattacks that hit more than 70 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency here in the United States.

The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the NSA as part of a wide swath of tools illegally released in 2016.

Microsoft said that it had rolled out a patch more than a month ago to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems. The malware was sent via email with a file attached to it. From there, it subsequently spread.

A spokesman for NHS Digital, which oversees cybersecurity in Britain, told the New York Times that the attack was still "ongoing" and that that the organization was "made aware of it this afternoon."

The attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms. Hospitals in areas across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were even sent home because their records could not be accessed.

Related attacks were reported in Spain, Portugal, and Russia. Two security firms — Kaspersky Lab and Avast — said they had identified the malware behind the attack in upward of 70 countries, although both said the attack has hit Russia hardest.

The Russian Interior Ministry has confirmed it was hit by the "ransomware" attack, which encrypts data on infected computers and demands payment, usually via the digital currency bitcoin, to release it. Britain's health service was also hit hard Friday as the attack froze computers at hospitals across the country, shutting down wards, closing emergency rooms and bringing medical treatments to a screeching halt.

In a statement, the U.S. Department of Homeland Security said it is aware of the ransomware attack.

"Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school," DHS said in the statement. "We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally. DHS has a cadre of cybersecurity professionals that can provide expertise and support to critical infrastructure entities."

The department said it is working with partner agencies to ensure federal government networks are protected against the threat.

The Associated Press and Fox News contributed to this report