Ransomware cyberattack: UK’s health system recovered from hacking, interior minister says
14th May 2017
Britain’s health system has recovered from a global “ransomware” attack that disrupted services in nearly 100 countries at an “unprecedented level”, the country’s interior minister says.
- Ransomware attack targets computer systems in 99 countries
- Russia was the hardest hit but officials say services are restored or contained
- Renault reportedly halts production at sites across France to prevent malware spreading
Interior Minister Amber Rudd said 97 per cent of the country’s health service trusts were now “working as normal”.
The extortion attack, which locked up computers and held users’ files for ransom, was believed to be the biggest of its kind ever recorded, disrupting services in countries including the US, Russia, Spain, Ukraine, India and Taiwan.
Europol, the European Union’s police agency, said the onslaught was at “an unprecedented level and will require a complex international investigation to identify the culprits”.
The worldwide effort to extort cash from computer users was so unprecedented that Microsoft quickly changed its policy, announcing free security fixes for the older Windows systems still used by millions of individuals and smaller businesses.
The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency (NSA) for its own intelligence-gathering purposes and was later leaked to the internet.
How did the attack occur?
- Attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say
- It spreads from computer to computer as it finds exposed targets
- Ransom demands start at $US300 and increase after two hours, a security researcher at Kaspersky Lab says
- Security holes were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has repeatedly published what it says are hacking tools used by the NSA
- Shortly after that disclosure, Microsoft announced it had already issued software “patches” for those holes
- But many companies and individuals have not installed the fixes yet or are using older versions of Windows that the company no longer supports and for which no patch was available
Speaking after chairing a meeting of the crisis response committee, or COBRA, Ms Rudd said 48 of 248 health service trusts in England had been impacted by Friday’s attack, but that all except six were now functioning normally.
“The response has in fact been very good,” she said.
“We think we have the right preparedness in place and also the right plans going forward over the next few days to ensure that we limit its impact going forward.”
Earlier, Ms Rudd said the British Government did not know who was behind the attack, which also hit some companies.
No patient data stolen in large hack, says minister
Two security firms — Kaspersky Lab and Avast — said they had identified the malicious software behind the attack, and both said it hit Russia the hardest.
The Russian Interior Ministry, which runs the country’s police, confirmed it was among those that fell victim to the “ransomware”, which typically flashes a message demanding payment to release the user’s data.
Spokesperson Irina Volk was quoted by the Interfax news agency on Saturday as saying the problem had been “localised” and that no information was compromised.
A spokesperson for the Russian Health Ministry, Nikita Odintsov, said on Twitter that the cyberattacks on his ministry were “effectively repelled”.
The national railway system said that although it was attacked, rail network operations were unaffected.
The attack also forced French carmaker Renault to halt its production at sites in France in an effort to stop the malware from spreading.
Two Renault union members spoke on the condition they remain anonymous because of the sensitive situation.
The consequences for the company remained unclear. Renault officials were not immediately available for comment.
The attack froze computers at hospitals across Britain, with some cancelling all routine procedures. Patients were asked not to go to hospitals unless it was an emergency and even some key services like chemotherapy were cancelled.
Ms Rudd earlier stressed that no patient data had been stolen.
British media had reported last year that most public health organisations were using an outdated version of Microsoft Windows that was not equipped with security updates.
Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, said many British hospitals use Windows XP software, introduced in 2001.
Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organisations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents.
The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it said were hacking tools used by the NSA as part of its intelligence-gathering.
A spokesman for Prime Minister Malcolm Turnbull said there had been no confirmed reports of an impact on Australian organisations at this stage.
In the US, FedEx Corp reported that its Windows computers were “experiencing interference” from malware, but would not say if it had been hit by ransomware.
Elsewhere in Europe, the attack also hit companies including Spain’s Telefonica, a global broadband and telecommunications company.
Germany’s national railway said that departure and arrival display screens at its train stations were affected, but there was no impact on actual train services. Deutsche Bahn said it deployed extra staff to busy stations to provide customer information, and recommended that passengers check its website or app for information on their connections.
Other European organisations hit by the massive cyberattack included soccer clubs in Norway and Sweden, with IF Odd, a 132-year-old Norwegian soccer club, saying its online ticketing facility was down.