UPDATED 14:18 EDT / MAY 12 2017

INFRA

‘This is huge’: Massive ransomware attack sweeps across UK, Europe and beyond

A string of ransomware attacks has compromised multiple organizations worldwide, including a number of hospitals in the United Kingdom, Spanish telecommunications company Telefonica S.A. and others.

The U.K.’s National Health Service has confirmed that up to 25 NHS organizations have been compromised by the ransomware, which is holding important files hostage and demanding that authorities pay the attackers the equivalent of $300 in bitcoin in order to regain access to their systems.

In a statement, NHS Digital said that while the investigation is still in its early stages, authorities believe that the ransomware used is Wanna Decryptor. This malware encrypts files using AES and RSA encryption, which are very difficult to break without the decryption key. NHS Digital said that it does not have any evidence that patient data has been compromised, but the organization did not reveal which systems have been affected.

Several doctors in the U.K. have told the BBC that the attack has made their jobs almost impossible, as they cannot access important patient information. “Our entire patient record is accessed through the computer, blood results, history, medicines,” said Chris Mimnagh, a doctor at a medical center in Liverpool.

wanna-decryptor-ransomware

Image: Wanna Decryptor ransomware via Avast Software

Spanish telecom Telefonica has also confirmed that it has been hit by the ransomware attack, but the company has not revealed the extent of the damage. Telefonica said in a statement only that the attack has “affected the PCs of some employees of the company’s internal corporate network.”

According to the BBC, other organizations reportedly affected by the ransomware include power and natural gas companies in Spain, as well as a university in Italy.

‘This is huge’

Jakub Kroustek, a malware researcher at antivirus provider Avast Software Inc., reported that so far there have been more than 57,000 detections of Wanna Decryptor and its variants today. Although the most high-profile organizations affected by the attack have been in the U.K. and Spain, Kroustek said that Russia, Ukraine and Taiwan are in the lead for the most detections so far.

“This is huge,” Kroustek said in a tweet.

Kroustek explained in a blog post that Wanna Decryptor, also called WanaCry and variants on that name, could be using an exploit related to the Equation Group, an organization allegedly linked to the U.S. National Security Agency.

“A hacker group called ShadowBrokers has stolen Equation Group’s hacking tools and has publicly released them,” Kroustek said. “As confirmed by security researcher, Kafeine, the exploit, known as ETERNALBLUE or MS17-010, was probably used by the cybercriminals behind WanaCrypt0r and is a Windows SMB [Server Message Block, a network file sharing protocol] vulnerability.”

Authorities do not know who orchestrated today’s attack, but the BBC reported that the bitcoin wallet associated with the ransomware has already started receiving payments.

Photo: Biffo/Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU