A string of ransomware attacks has compromised multiple organizations worldwide, including a number of hospitals in the United Kingdom, Spanish telecommunications company Telefonica S.A. and others.

The U.K.’s National Health Service has confirmed that up to 25 NHS organizations have been compromised by the ransomware, which is holding important files hostage and demanding that authorities pay the attackers the equivalent of $300 in bitcoin in order to regain access to their systems.

In a statement, NHS Digital said that while the investigation is still in its early stages, authorities believe that the ransomware used is Wanna Decryptor. This malware encrypts files using AES and RSA encryption, which are very difficult to break without the decryption key. NHS Digital said that it does not have any evidence that patient data has been compromised, but the organization did not reveal which systems have been affected.

Several doctors in the U.K. have told the BBC that the attack has made their jobs almost impossible, as they cannot access important patient information. “Our entire patient record is accessed through the computer, blood results, history, medicines,” said Chris Mimnagh, a doctor at a medical center in Liverpool.

Image: Wanna Decryptor ransomware via Avast Software

Spanish telecom Telefonica has also confirmed that it has been hit by the ransomware attack, but the company has not revealed the extent of the damage. Telefonica said in a statement only that the attack has “affected the PCs of some employees of the company’s internal corporate network.”

According to the BBC, other organizations reportedly affected by the ransomware include power and natural gas companies in Spain, as well as a university in Italy.

‘This is huge’

Jakub Kroustek, a malware researcher at antivirus provider Avast Software Inc., reported that so far there have been more than 57,000 detections of Wanna Decryptor and its variants today. Although the most high-profile organizations affected by the attack have been in the U.K. and Spain, Kroustek said that Russia, Ukraine and Taiwan are in the lead for the most detections so far.

“This is huge,” Kroustek said in a tweet.

Kroustek explained in a blog post that Wanna Decryptor, also called WanaCry and variants on that name, could be using an exploit related to the Equation Group, an organization allegedly linked to the U.S. National Security Agency.

“A hacker group called ShadowBrokers has stolen Equation Group’s hacking tools and has publicly released them,” Kroustek said. “As confirmed by security researcher, Kafeine, the exploit, known as ETERNALBLUE or MS17-010, was probably used by the cybercriminals behind WanaCrypt0r and is a Windows SMB [Server Message Block, a network file sharing protocol] vulnerability.”

Authorities do not know who orchestrated today’s attack, but the BBC reported that the bitcoin wallet associated with the ransomware has already started receiving payments.

Photo: Biffo/Pixabay