Cyberattack Hits England's National Health Service With Ransom Demands


Asign outside one of London's National Health Service hospitals on Friday Aug. 14, 2009.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday. Some security expects calculate that ransomware may bring in as much as $1bn/year in revenue for the attackers.

A spokesperson for the agency said experts are working to recover the system.

Shadow Brokers said at the time that they obtained it from a secret trove of NSA tools and files that are part of the spy agency's hacking program. Researchers say it is spreading through a Microsoft Windows exploit called "EternalBlue", which Microsoft released a patch for in March.

Ransomware is a debilitating form of malware that breaks into a system and locks users out by encrypting all of their files.

"We'd ask patients to use A&E wisely; the NHS nationally is investigating the full extent of the attack".

By then, it was already too late.

"We are experiencing a major IT disruption and there are delays at all of our hospitals", said the Barts Health group, which manages major London hospitals.

Britain's health's secretary, Jeremy Hunt, was briefed by cyber security experts, while Prime Minister Theresa May's office said she was monitoring the situation.

The scope of the attacks was not immediately clear, but some analysts reported that dozens of countries had been affected, with the malware linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and the U.S. delivery firm FedEx. Spain's Telefónica and Russia's MegaFon were among the targets.

Notts TV understands that radiography and other diagnostic systems at the Queen's Medical Centre and City Hospitals are not affected.

England's National Health Service is scrambling to respond to a large cyberattack that crippled its ability to treat patients Friday, after computer users in the public health system were hit with a pop-up message demanding a ransom for access to their machines. Officials later updated that number to at least 25.

NHS Digital said in a statement: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor". "We are implementing remediation steps as quickly as possible", it said in a statement. It has become an increasingly prevalent problem.

Pharmacist Chris Magquire wrote on Twitter that even a general practice facility had to shut down computers and begin writing with pen and paper.

"At this stage, we do not have any evidence that patient data has been accessed".

The emergencies ministry told Russian news agencies it had repelled the cyber attacks while Sberbank said its cyber security systems had prevented viruses from entering its systems.

Shadowbrokers is a hacking group blamed for a hack last summer of the U.S. National Security Agency (NSA), which exposed that secretive agency's hacking tools, including several Zero Day exploits.

"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack".

Services in London, the central city of Nottingham, and the counties of Hertfordshire and Cumbria were affected, according to the BBC.

A British medical student who visited two hospitals in London on Friday found widespread computer issues.

They said: "In light of the cyber-attacks today on the information technology systems in both NHS and NHS Scotland, the HSE's Leadership convened a special meeting this evening in order to consider the situation".

The infections have disabled more than a dozen hospitals in the United Kingdom, Spain's largest telecom company and universities in Italy as well as some FedEx computers.

Later, Portugal reported a similar attack. "I did not expect an attack on this scale". Lord, who described an attack of this type as "inevitable", said the impact was exacerbated because most NHS Trusts had "a poor understanding of network configuration meaning everything has to shut down". If the hackers were to receive a payout from every computer affected by the virus, it'd account for almost $14 million.