By Robert McMillan in San Francisco and Jenny Gross and Denise Roland in London
A massive cyberattack disrupted computer systems in dozens of
countries on Friday, with computer-security experts saying unknown
hackers targeted a software vulnerability that had allegedly been
exploited earlier by the U.S. National Security Agency.
U.S. delivery giant FedEx Corp. was among the companies caught
in the cyberattack. The global delivery company said it was
"experiencing interference with some of our Windows-based systems
caused by malware" and taking steps to fix the problem. It declined
to say how widespread the problem was and if deliveries were
affected.
England's National Health Service said 16 hospitals and clinics
were forced to cancel appointments and divert ambulances as a
result of the cyberattack. Russian antivirus vendor Kaspersky Lab
ZAO said the malware appeared in 74 countries and hit Russia
hardest.
The malware believed to be behind the attacks encrypts data on
infected computers and essentially holds it for ransom. Known as
WannaCry or Wanna Decryptor, the so-called ransomware program homes
in on vulnerabilities in Microsoft Windows systems.
A Microsoft spokeswoman said Friday the company was "aware of
the reports" and "looking into the situation."
The attack appears to exploit a vulnerability in Windows for
which Microsoft issued a patch on March 14. Several cybersecurity
specialists said the same vulnerability was targeted in code
released in April by a hacking group calling itself "Shadow
Brokers," which said it had stolen the attack code from the
NSA.
The NSA has declined to comment on the authenticity of the
Shadow Brokers documents.
Antivirus vendor Avast Software s.r.o. said the malware was
hitting computers in the U.S., Russia, Ukraine and Taiwan. The
Prague-based firm said it had detected more than 57,000 samples of
the malware on Friday.
The spread of WannaCry represents "one of the highest peaks for
a single ransomware strain" that Avast has recorded this year, said
Jakub Kroustek, the leader of Avast's virus team.
In Britain, the NHS said it thought Wanna Decryptor was behind
the attack and indicated there was so far no evidence patient data
had been accessed. The British government's National Cyber Security
Center said on its Twitter account that it was working with the NHS
and the National Crime Agency to investigate.
In Spain, the attack caused widespread disruption among
companies whose computer systems were infected, according to Luis
Corrons, technical director at Spanish antivirus vendor Panda
Security S.L. Some firms disconnected themselves from the internet
on Friday until they could apply the appropriate software patches,
he said.
U.S. authorities have said cyberattacks via ransomware are a
growing problem, having previously hit entire computer networks at
universities, businesses and hospitals. Last year, Hollywood
Presbyterian Medical Center in Los Angeles paid $17,000 to unlock
files after an attack crippled a large portion of its computer
systems.
In England, NHS clinics in London, the county of Essex and
elsewhere issued messages asking patients not to seek medical care
unless it was an emergency.
A primary-care doctor in Welwyn Garden City in southeastern
England said his practice was unable to make urgent referrals to
the local hospital, which was the first to fall victim to the
attack.
"I had a patient this morning who may have been having
mini-strokes and needed to be seen within 24 hours," he said. "I
emailed urgent referrals but couldn't get through...We had to go to
a different hospital entirely."
Another of his patients needed an ultrasound scan for a possible
pregnancy complication, he said, but computer disruptions had left
him unable to make an appointment. His practice has also been
unable to access patients' blood test results for most of the day,
he said, because that system is also linked to the local
hospital.
Ransomware attacks, though seemingly sophisticated, typically
start off simply: A hacker tricks someone into opening a seemingly
legitimate or innocuous file that contains malicious software. The
ruse is known as phishing.
"The majority of ransomware is from phishing attacks, whether
that's a receptionist or a doctor on a smartphone," said Emily
Orton, founder of British cybersecurity company Darktrace.
Typically users must click on a malicious attachment to install
ransomware. The software now circulating comes with a nasty twist,
Panda Security's Mr. Corrons said: It is also a worm that
replicates itself throughout networks.
"If one computer is infected, not only is it going to encrypt
all the files to which it has access. It is also going to infect
each and every computer on the network that hasn't patched this
vulnerability," he said.
The attack came weeks before a general election in the U.K., set
for June 8. British Prime Minister Theresa May said the attack
wasn't targeted at the NHS and the government wasn't aware of any
evidence that patient data was compromised.
"It's an international attack and a number of countries and
organizations have been affected," Mrs. May said.
Jonathan Ashworth, lawmaker for the Labour Party, said the
incident underscored the need for the U.K. government to focus
efforts on cybersecurity.
"The safety of the public must be the priority and the NHS
should be given every resource to bring the situation under control
as soon as possible," Mr. Ashworth said.
Stu Woo
and Phil Ziobro contributed to this article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com, Jenny Gross
at jenny.gross@wsj.com and Denise Roland at
Denise.Roland@wsj.com
(END) Dow Jones Newswires
May 12, 2017 16:33 ET (20:33 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
FedEx (NYSE:FDX)
Historical Stock Chart
From Mar 2024 to Apr 2024
FedEx (NYSE:FDX)
Historical Stock Chart
From Apr 2023 to Apr 2024