London, United Kingdom | AFP | An international cyber attack on Friday struck countries including the UK and Spain, British Prime Minister Theresa May said, as security experts warned it could affect many other countries.
The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations, while in Spain several major companies including telecom giant Telefonica were hit with employees told to shut down workstations immediately through megaphone announcements.
In the United States the package delivery giant Fedex acknowledged it was “experiencing interference with some of our Windows-based systems caused by malware”.
“We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” May said.
At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.
Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware.
The group said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”
It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted, according to the screen message.
– Spooks on the case –
NHS Incident Director Anne Rainsberry urged the British public to “use the NHS wisely while we deal with this major incident which is still ongoing”.
Britain’s National Cyber Security Centre and its National Crime Agency, meanwhile, said they were looking into the UK incidents, apparently caused by a piece of malware called Wanna Decryptor.
Kubo Macak, a cyber warfare expert at Exeter University, said that if the “investigation shows that the cyber attack was directed by an outside state, it would amount to a violation of the UK’s sovereignty”.
Jakub Kroustek of Avast said on Twitter the security firm had detected “36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge.”
The sort of ransom demands seen on the NHS screens are not without precedent at medical facilities. In February 2016 a Los Angeles hospital, the Hollywood Presbyterian Medical Center, paid $17,000 in bitcoins to hackers who took control of its computers for more than a week.
NHS digital said in a statement the attacks did not specifically target British health services and the malware is “affecting organisations from across a range of sectors”.
Several individual health service trusts in England reported severe problems.
– Ambulances diverted –
A spokesman for Barts Health NHS Trust in London said it was experiencing “major IT disruption” and delays at all four of its hospitals.
“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients,” the spokesman said.
“Ambulances are being diverted to neighbouring hospitals.”
Two employees at St Bartholomew’s Hospital, which is part of Barts Health, told AFP that all the computers in the hospital had been turned off.
“We have been told that we need to shut down all the computers and even our Wi-Fi on our phones. No computers are currently working,” they said, speaking on condition of anonymity as they were not authorised to speak to press.
Caroline Brennan, 41, went to the hospital to see her brother, who had open heart surgery.
“They told us there was a problem. They said the system was down and that they cannot transfer anyone till the computer system was back up so he is still in the theatre.
“They told us to come back in 30 to 40 minutes. They said they started the system again.”