Leaked NSA tools used in global cyber attack, analysts say

Posted May 13, 2017

United Kingdom publication The Guardian reported that as many as 16 National Health Service trusts, some of which oversee several hospitals, were affected in the attack and that hospital staff were unable to access patient records.

Authorities in the countries said the attack was conducted using "ransomware" - malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access.

Multiple outlets are reporting a wave of ransomware attacks affecting the UK's National Health Service (NHS) as well as other firms throughout Europe. "A number of countries and organizations have been affected".

The NHS has stated that it does not believe that the ransomware attack was specifically targeted at the NHS.

According to Ryan Kalember, senior Vice President of cyber security strategy at the cybersecurity firm Proofpoint, a "ransomware worm" using the essentially unaltered NSA code is spreading across corporate networks in at least 74 countries, with European and Asian countries among the hardest hit.

A worldwide ransomware campaign using a stolen NSA hacking tool is now underway, consisting of more than 45,000 attacks in 74 countries, including the crippling of Britain's main healthcare system, Spain's Telefonica and Russia's MegaFon, according to global media reports and Kaspersky Lab.

The hackers behind the "ransomware" attack were demanding $300 worth of the online currency Bitcoin to release files from encryption, the Mirror and Telegraph reported.

More news: PA judge rules "probable cause" to charge 2015 Amtrak train derailment engineer

"At this stage we do not have any evidence that patient data has been accessed", the system says.

It said its hospitals had shut down all computer systems as a protective measure and canceled all non-urgent activity.

An IT worker at the public health care system tells The Guardian newspaper that it's the biggest problem they've seen in their six years working for the service.

An alleged hacker unconnected to the incident told Sky News the attack could spread to almost every country in the world.

A huge extortion cyberattack hit dozens of nations Friday, holding computer data for ransom at hospitals, telecommunications firms and other companies.

Ransomware attacks typically remotely encrypt files on a computer and hold them until the owners, or users of the files, pay a fee.

Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments.

More news: IPhone 7 lineup accounts for 11% of world's smartphone market in Q1

Theresa May said the Government is not aware of any evidence that patient records have been compromised in the massive cyber attack on the NHS.

"Without further technical investigation - it's impossible to say who is behind the attack, but it can be virtually anyone - from a small group of Black Hats seeking profit, to a state-sponsored hacking group", the statement continued.

"We are aware of a cyber incident, and we are working with NHS Digital and the National Crime Agency to investigate", it said in a statement.

Some Russian media also have reported cyberattacks on the Interior Ministry and the Investigative Committee.

Also, the hack happened four weeks before a British parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes. "They said they started the system again".

Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals' old operating systems and store of confidential patient information made them an ideal target for blackmailers. The cyberattack, he said, could cause a major backlog in referrals.

"It's an worldwide attack and a number of countries and organizations have been affected", she said. Over 70 per cent of the computer systems affected in the Wanna Cry attack were located in Russia, Kaspersky noted. A statement from the Trust said it had affected "some services" and asked for people to consider whether they needed to go to the emergency departments, suggesting calling 111 for healthcare advice.

More news: Analysts At Jefferies & Co Indicated Kohl's Corporation (NYSE:KSS) As Buy