By Robert McMillan in San Francisco and Jenny Gross and Denise Roland in London
A massive cyberattack scrambled computer systems in dozens of
countries on Friday, in an assault computer-security experts said
relied on a software vulnerability that the U.S. National Security
Agency had allegedly exploited earlier.
U.S. delivery giant FedEx Corp. was among those caught in the
cyberattack. England's National Health Service said 16 hospitals
and clinics were forced to cancel appointments and divert
ambulances as a result of the cyberattack. Brazil's social security
agency shut down its systems after being hit, and the foreign
ministry said it turned off its servers as a preventive measure.
Russian antivirus vendor Kaspersky Lab ZAO said the malware
appeared in 74 countries and hit Russia hardest.
The malware believed to be behind the attacks encrypts data on
infected computers and essentially holds it for ransom, demanding
money from users in return for their files. Known as WannaCry or
Wanna Decryptor, the so-called ransomware program homes in on
vulnerabilities in Microsoft Windows systems.
The attack appears to exploit a vulnerability in Windows for
which Microsoft issued a patch on March 14. Several cybersecurity
specialists said the same vulnerability was targeted in software
released in April by a hacking group calling itself "Shadow
Brokers," which said it had stolen the attack code from the
NSA.
The NSA has declined to comment on the authenticity of the
Shadow Brokers documents. Spokespersons for the CIA and the Office
of the Director of National Intelligence declined to comment on
Friday's cyberattack.
A Microsoft spokeswoman said in addition to the March patch, the
company added new protections to its free antivirus software on
Friday to shield users from the malicious software. Anyone running
Microsoft's antivirus software with Windows updates enabled is
protected, and the company is providing assistance to customers,
the spokeswoman said.
Antivirus vendor Avast Software s.r.o. said the malware was
hitting computers in the U.S., Russia, Ukraine and Taiwan. The
Prague-based firm said it had detected more than 57,000 samples of
the malware on Friday.
The spread of WannaCry represents "one of the highest peaks for
a single ransomware strain" that Avast has recorded this year, said
Jakub Kroustek, the leader of Avast's virus team.
FedEx said it was "experiencing interference with some of our
Windows-based systems caused by malware" and taking steps to fix
the problem. It declined to say how widespread the problem was and
whether deliveries were affected on the eve of Mother's Day
weekend.
In Britain, the NHS said it thought Wanna Decryptor was behind
the attack and indicated there was so far no evidence patient data
had been accessed. The British government's National Cyber Security
Center said on its Twitter account that it was working with the NHS
and the National Crime Agency to investigate.
In Spain, the attack caused widespread disruption among
companies whose computer systems were infected, according to Luis
Corrons, technical director at Spanish antivirus vendor Panda
Security S.L. Some firms disconnected themselves from the internet
on Friday until they could apply the appropriate software patches,
he said.
The Russian Ministry of Interior said on Friday the virus had
affected around 1,000 of its PCs using the Windows operating
system, or less than 1% of such computers in the ministry. The
ministry said its servers weren't exposed, as they used other
operating systems.
"At the moment, the virus is localized, technical work is being
carried out to destroy it and update the antivirus protection,"
ministry spokeswoman Irina Volk said.
A North Atlantic Treaty Organization official said the alliance
was closely following the ransomware attacks "unfolding on such
unprecedented scale and synchronization." The official said while
there was no impact on the alliance's computers in Brussels or
elsewhere in Europe, experts would remain on standby throughout the
weekend.
U.S. authorities have said cyberattacks via ransomware are a
growing problem, having previously hit entire computer networks at
universities, businesses and hospitals. Last year, Hollywood
Presbyterian Medical Center in Los Angeles paid $17,000 to unlock
files after an attack crippled a large portion of its computer
systems.
In England, NHS clinics in London, the county of Essex and
elsewhere issued messages asking patients not to seek medical care
unless it was an emergency.
A primary-care doctor in Welwyn Garden City in southeastern
England said his practice was unable to make urgent referrals to
the local hospital.
"I had a patient this morning who may have been having
mini-strokes and needed to be seen within 24 hours," he said. "I
emailed urgent referrals but couldn't get through...We had to go to
a different hospital entirely."
Another of his patients needed an ultrasound scan for a possible
pregnancy complication, he said, but computer disruptions had left
him unable to make an appointment. His practice has also been
unable to access patients' blood test results for most of the day,
he said, because that system is also linked to the local
hospital.
Ransomware attacks, though seemingly sophisticated, typically
start off simply: A hacker tricks someone into opening a seemingly
legitimate or innocuous file that contains malicious software. The
ruse is known as phishing.
"The majority of ransomware is from phishing attacks, whether
that's a receptionist or a doctor on a smartphone," said Emily
Orton, founder of British cybersecurity company Darktrace.
Typically users must click on a malicious attachment to install
ransomware. The software now circulating comes with a nasty twist,
Panda Security's Mr. Corrons said: It is also a worm that
replicates itself throughout networks.
"If one computer is infected, not only is it going to encrypt
all the files to which it has access. It is also going to infect
each and every computer on the network that hasn't patched this
vulnerability," he said.
The attack came weeks before a general election in the U.K., set
for June 8. British Prime Minister Theresa May said the attack
wasn't targeted at the NHS and the government wasn't aware of any
evidence that patient data was compromised.
"It's an international attack and a number of countries and
organizations have been affected," Mrs. May said.
Jonathan Ashworth, lawmaker for the Labour Party, said the
incident underscored the need for the U.K. government to focus
efforts on cybersecurity.
"The safety of the public must be the priority and the NHS
should be given every resource to bring the situation under control
as soon as possible," Mr. Ashworth said.
Stu Woo
and Paul Ziobro contributed to this article.
Write to Robert McMillan at Robert.Mcmillan@wsj.com, Jenny Gross
at jenny.gross@wsj.com and Denise Roland at
Denise.Roland@wsj.com
(END) Dow Jones Newswires
May 12, 2017 19:16 ET (23:16 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
FedEx (NYSE:FDX)
Historical Stock Chart
From Feb 2024 to Mar 2024
FedEx (NYSE:FDX)
Historical Stock Chart
From Mar 2023 to Mar 2024